Creating a Custom ESXi VIB for vSphere Lifecycle Manager (vLCM) Remediation

As a Technical Adoption Manager (TAM), I recently received a request from one of our customers to create a custom ESXi VIB that could be used with vSphere Lifecycle Manager (vLCM) and would only require the ESXi host to reboot as part of the remediation. This might sound like a strange request, but there are good reasons for this approach. In this blog post, I will outline the steps to create such a custom VIB and how it can be used with vLCM.

Background

———-

vSphere Lifecycle Manager (vLCM) is the successor to vSphere Update Manager (VUM), and it provides a more comprehensive set of features for managing updates and remediation across vSphere environments. One of the key benefits of vLCM is that it allows for offline bundles, which can be used to create custom VIBs that can be imported into vLCM for remediation.

Custom VIB Requirements

———————–

To create a custom ESXi VIB for vLCM remediation, we need to follow certain requirements:

1. The VIB must be signed with a valid certificate.

2. The VIB descriptor.xml file must set the live-install-allowed and live-remove-allowed options to allow the host to reboot after installation and removal of the VIB respectively.

3. The VIB must be compatible with both vSphere 7.x and 8.x.

Creating a Custom ESXi VIB

—————————-

To create a custom ESXi VIB, we can follow these steps:

Step 1 – Download the pre-built offline bundle from the Github repo or build your own using the instructions provided in my previous blog post.

Step 2 – Ensure the ESXi software acceptance level is configured with Community Support since the custom VIB would not be signed. You can do so by following the instructions provided here using either the vSphere UI or ESXCLI.

Step 3 – Use the vSphere UI to import the offline bundle by navigating to Lifecycle Manager->Actions and then clicking on the Import Updates operation.

Step 4 – Create or edit a vSphere Cluster that is managed by a vLCM Image by navigating to Update->Image->Edit and then clicking on the Add Components operation to select the ESXi reboot component and then click save.

Step 5 – Lastly, apply the remediation to the vSphere Cluster and a reboot will be required after the ESXi component has been installed on the host as demonstrated in the screenshot below.

[Insert Screenshot]

Benefits of Custom VIBs for vLCM Remediation

———————————————

Using custom VIBs for vLCM remediation offers several benefits, including:

1. Flexibility – Custom VIBs can be created to address specific issues or requirements that are not covered by the standard vSphere updates.

2. Efficiency – By using a custom VIB, we can avoid the need for a full reboot of the ESXi host, which can save time and reduce downtime.

3. Automation – Custom VIBs can be automated using vLCM, allowing for more efficient and consistent remediation across multiple hosts.

Conclusion

———-

In this blog post, we have explored the process of creating a custom ESXi VIB for vSphere Lifecycle Manager (vLCM) remediation. By following these steps, you can create a custom VIB that can be used with vLCM to perform remediation with minimal downtime and increased efficiency. As vSphere environments continue to evolve, the ability to create custom VIBs for vLCM remediation will become increasingly important.

Using Non-Standard Syslog Ports in ESXi: A Game Changer

As a seasoned IT professional, you may be familiar with the default syslog ports used by ESXi hosts for audit, compliance, and troubleshooting purposes. However, if you need to use a non-standard syslog port, the current solution has been less than ideal. But fear not, as vSphere 8.0 Update 2b and vSphere 7.0 Update 3p have brought a welcome enhancement to the table.

In the past, configuring a non-standard syslog port required either creating a custom VIB or modifying the local.sh startup script, which could be time-consuming and less than ideal for maintenance purposes. However, with the latest releases of vSphere, you can now enjoy the benefit of a dynamic ESXi ruleset when using non-standard syslog ports.

Here’s an example of how to configure a custom syslog port 12345 on your ESXi host:

Configure the syslog server with port 12345:

“`markdown

EsxiHost.config.syslog.server = “udp://192.168.1.100:12345”

“`

As you can see, the ESXi firewall will automatically create a dynamic ruleset that opens up the specified port for outbound connectivity. This feature is especially useful if you need to use a non-standard syslog port for any reason.

The best part? The dynamic ruleset will persist even after a reboot of the host, so you don’t have to worry about reconfiguring the firewall every time the host restarts.

Categories // ESXi, vSphere 7.0, vSphere 8.0 Tags // ESXi 7.0 Update 3p, ESXi 8.0 Update 2b, firewall, syslog

In the comments section, CLaudio asks if the rule will be permanent even after a reboot of the host, and I confirm that it will indeed be persistent. Arun also comments, asking for help with creating the dynamic rule on an ESXi 7.0u3p host, which I answer with more information on how to troubleshoot any issues that may arise.

Overall, this new feature in vSphere is a game changer for anyone using non-standard syslog ports on their ESXi hosts. No longer do you have to worry about the hassle of customizing the firewall ruleset or relying on a custom VIB. With the dynamic ESXi ruleset, you can easily configure your syslog server with any port you choose, and the firewall will take care of the rest.

VMware Cloud Foundation (VCF) 5.1.1 has been released with several new features and capabilities, one of which is the “License Later” feature, also known as evaluation mode. This feature allows users to deploy VCF without requiring component license keys upfront, making it easier for users to test and evaluate the product.

To use the License Later feature, users can select “No” when prompted to enter a license key during deployment. This will allow the deployment to proceed without any licenses, and all components will be in evaluation mode. The evaluation mode is valid for 60 days, after which users must apply a license key to continue using the product.

It’s important to note that when deploying VCF using the Cloud Builder API, users must append the “deployWithoutLicenseKeys” parameter with a value of “true” to the deployment JSON file. This will allow the deployment to proceed without any licenses.

In addition, there is a new entry in the workbook called “License Now” which allows users to select “No” and leave all license fields blank. This will also enable the License Later feature.

I have already updated my VCF Automated Lab Deployment script to support the new evaluation mode with VCF 5.1.1, as I have received requests from customers asking about this capability.

In response to a question from shhwang, the License Later feature is valid for 60 days, and users can apply licenses within SDDC Manager using individual component licenses or the new single solution license key.

To answer Manu’s question, if users continue the deployment without a license, they can finish the deployment and all components will be in evaluation mode. To apply licenses, users can do so within SDDC Manager using individual component licenses or the new single solution license key.

Finally, Jason Kirk asked about how to get VCF 5.1.1 bits for his lab. Unfortunately, the only way to obtain VCF 5.1.1 is through the VMware Partner Network (NSF) program or by purchasing an annual VMUG Advantage subscription. I recommend reaching out to VMware or a authorized partner to inquire about the availability of VCF 5.1.1 for your lab.

In conclusion, the License Later feature in VCF 5.1.1 makes it easier for users to test and evaluate the product without the need for component license keys upfront. This feature is valid for 60 days, after which users must apply a license key to continue using the product. To apply licenses, users can do so within SDDC Manager using individual component licenses or the new single solution license key.

Based on the information provided, it appears that you have passed the VMware/NetApp solution associate exam. Here is a summary of the information:

* You took the exam on Sunday and received the result “Pass” on the screen.

* The exam consisted of 50 questions, mostly multiple choice, and was 2 hours long.

* You were able to log in to the CertMetrics website and see your exam results, including the pass date and time.

* Your credentials, including your certification status and expiration date, are visible on the My Credentials menu of the CertMetrics website.

It’s great to hear that you passed the exam! As a freelance instructor for VMware/NetApp solutions, this certification will be beneficial for your career. Keep in mind that your credentials have a validity period of 2 years and 1 month from the exam date.

As a VMware user, you may be aware that staying up-to-date with the latest software versions is crucial to ensure the security and stability of your virtual infrastructure. However, what happens when VMware moves the files or no longer supports your version, and you need to install updates manually? In this blog post, we will explore how to install vSphere Installation Bundle (VIB) files manually using the ESX Command-Line Interface (esxcli) commands.

Firstly, it’s important to note that VMware provides a convenient one-line method for installing updates using the vSphere Client. However, if you need to install updates manually, you can use the esxcli command to download and install the VIB files.

To find the updates needed for your version of vSphere, you can visit the @VFrontDe RSS feed, which provides a list of new releases for 2015, as well as older versions if needed. This is a convenient way to stay informed about the latest updates and security patches without having to search through multiple websites or rely on manual checks.

Once you have identified the updates you need, you can download the VIB files manually using the esxcli command. To do this, you will need to open a terminal or command prompt on your ESXi host and run the following commands:

1. First, check the current version of vSphere installed on your host by running the command “esx-ctl –version”. This will display the current version number, which you can use to determine if an update is available.

2. Next, download the VIB files for the desired update using the command “esxcli software profile update –fetch “. Replace “” with the name of the update you want to install.

3. Once the VIB files have been downloaded, you can install them using the command “esxcli software profile update –install “. Again, replace “” with the name of the update you want to install.

4. After the installation is complete, you can verify that the update has been applied successfully by running the command “esx-ctl –version” again. The new version number should be displayed.

It’s important to note that installing updates manually using the esxcli command can be a time-consuming process, especially if you have multiple hosts or a large virtual infrastructure. However, this method provides greater flexibility and control over the update process, allowing you to install updates at your own pace and on your own schedule.

In conclusion, staying up-to-date with the latest software versions is crucial for maintaining the security and stability of your virtual infrastructure. While VMware provides a convenient one-line method for installing updates using the vSphere Client, there may be situations where you need to install updates manually using the esxcli command. By following the steps outlined in this blog post, you can easily download and install the VIB files needed to keep your vSphere environment up-to-date and secure.

Troubleshooting a Fully Utilized Logical Volume in Linux

As a Linux user, you may encounter issues with your logical volume (LV) becoming fully utilized, leading to errors and difficulties when trying to resize or modify the volume. This is especially common when using a virtual machine (VM) with a small initial disk size, and then installing multiple packages and updates over time. In this blog post, we’ll explore how to troubleshoot and resolve issues with a fully utilized LV in Linux.

Understanding the Structure of a Logical Volume

Before diving into troubleshooting, it’s essential to understand the structure of a logical volume. A logical volume is a virtual disk that is created from one or more physical disks. It consists of three parts:

1. Physical volume (PV): This is the actual disk space that is used to create the LV.

2. Volume group (VG): This is a collection of PVs that are combined to form a single LV.

3. Logical volume (LV): This is the virtual disk that is created from the VG.

When you create a VM, you typically start with a small initial disk size, which may not be enough for your needs over time. As you install packages and updates, the LV will become fully utilized, leading to errors and difficulties when trying to resize or modify the volume.

Troubleshooting a Fully Utilized Logical Volume

To troubleshoot a fully utilized LV, follow these steps:

1. Check the Disk Usage

Use the `df -H` command to check the disk usage of your VM’s disk. This will show you how much space is available on your disk and which files and directories are using up the most space.

2. Extend the Volume Group

To extend the volume group, you’ll need to add more space to the VG. You can do this by extending the PVs that make up the VG. Use the `pvctl` command to extend the PVs, and then use the `vgs` command to verify that the VG has been extended.

3. Extend the Logical Volume

Once you’ve extended the VG, you can extend the LV to take up the additional space. Use the `lvresize` command to resize the LV, and then use the `df -H` command again to verify that the LV has been resized successfully.

4. Remove the APT Cache

If your partition is completely full, you may encounter a “no space left” error when trying to resize the LV. In this case, you can remove the APT cache by running the following command:

“`css

sudo apt-get clean all

“`

This will free up some space on your disk and allow you to complete the operation.

5. Check for Errors in the Log

After resizing the LV, check the log files to ensure that the operation was successful. You can use the `dmesg` command to view the kernel logs, or the `journalctl` command to view the system journal.

Conclusion

Troubleshooting a fully utilized logical volume in Linux can be a bit tricky, but it’s essential to understand the structure of a LV and how to extend the VG and LV to resolve issues. By following the steps outlined in this blog post, you should be able to troubleshoot and resolve any issues with your LV, ensuring that your VM has enough disk space for your needs.

In today’s fast-paced digital landscape, staying ahead of the curve when it comes to cloud computing strategies is essential for businesses looking to remain competitive. That’s why VMware, a leader in multi-cloud solutions, has released its Multi-Cloud Briefing, a quarterly online series dedicated to informing and educating viewers on the latest cloud trends and technologies.

The briefing features demos by industry experts, along with special guests, all focused on providing actionable insights and practical advice for businesses looking to navigate the complex world of multi-cloud computing. With the rise of hybrid and public clouds, it’s more important than ever for organizations to have a solid understanding of their cloud options and how to leverage them for maximum benefit.

The briefing covers a range of topics, from cloud security and compliance to DevOps and application modernization. Viewers can expect to learn about the latest innovations in cloud computing, as well as practical advice on how to deploy and manage multi-cloud environments. The briefing also features live demos of VMware’s cutting-edge solutions, giving viewers a firsthand look at the latest technologies and how they can be applied in real-world scenarios.

One of the key themes of the briefing is the importance of a multi-cloud strategy for businesses looking to remain competitive in today’s digital landscape. With so many cloud options available, it can be difficult for organizations to know where to start or how to choose the right clouds for their needs. VMware’s experts will provide guidance on how to create a comprehensive multi-cloud strategy that aligns with your business goals and objectives.

Another important topic covered in the briefing is cloud security and compliance. As more and more data is moved to the cloud, it’s essential for organizations to have a solid understanding of how to protect their data and ensure compliance with relevant regulations. VMware’s experts will provide insights on the latest security threats and how to mitigate them, as well as practical advice on how to maintain compliance in a multi-cloud environment.

The briefing also touches on the topic of DevOps and application modernization. As businesses look to innovate and stay ahead of the curve, it’s essential for them to have a solid understanding of how to modernize their applications and adopt a DevOps approach to software development. VMware’s experts will provide guidance on how to do this, as well as practical advice on how to integrate cloud-native technologies into your existing IT infrastructure.

Overall, the Multi-Cloud Briefing from VMware is an essential resource for businesses looking to stay ahead of the curve when it comes to cloud computing strategies. With its focus on practical advice and real-world demos, this online series provides a unique opportunity for viewers to learn from industry experts and gain valuable insights into the latest cloud trends and technologies. So if you’re looking to take your multi-cloud strategy to the next level, be sure to tune in to the Multi-Cloud Briefing from VMware.

As a side note, it’s worth mentioning that the briefing is powered by WordPress, a popular content management system that allows users to easily create and manage online content. This highlights the importance of having a solid content strategy in place when creating an online series like the Multi-Cloud Briefing, as well as the need for easy-to-use tools and technologies that can help you achieve your goals.

As a system administrator, it is crucial to keep your Linux systems up to date with the latest security patches and updates. This is especially true for servers that are exposed to the internet, as they are more vulnerable to attacks. In this blog post, we will discuss some best practices for keeping your Linux systems secure and up to date.

Update Regularly

The first step in keeping your Linux system secure is to update it regularly. This includes updating the operating system, as well as any installed software and packages. It is recommended to update your system at least once a week, or whenever new updates become available.

Layer Your Security

As mentioned earlier, it is important to layer your security to mitigate potential risks. This means using multiple security measures such as firewalls, reverse proxies, and access controls to protect your system. For example, you can use the unattended-upgrades package on Ubuntu to automate security updates and patches.

Create a Secure User

When setting up your Linux system, it is important to create a secure user account. This should be done with least privilege access, which means giving the user only the necessary permissions to perform their tasks. This will help limit the damage that can be caused by a compromised account.

Set Up SSH Keys

SSH (Secure Shell) is a popular method for remotely accessing Linux systems. To enhance security, it is recommended to use SSH keys instead of passwords. This will eliminate the risk of password guessing attacks. To set up SSH keys, you can use the following command:

ssh-keygen -t rsa -b 4096

This will generate a public and private key pair. The public key should be added to the authorized_keys file in the home directory of the user account.

Disable Password Logins

To further enhance security, it is recommended to disable password logins for all user accounts. This can be done by editing the /etc/ssh/sshd_config file and setting PermitRootLogin to “no” and PasswordAuthentication to “no”.

Configure Services and Ports

It is important to configure services and ports to only allow necessary access. This can be done using the Linux built-in firewall (UFW) or other firewalls such as Fail2Ban. UFW allows you to easily allow or deny traffic to specific ports, while Fail2Ban provides a more comprehensive IP blocking feature.

Use Least Privilege Access

As mentioned earlier, it is important to use least privilege access for all user accounts. This means giving users only the necessary permissions to perform their tasks. This will help limit the damage that can be caused by a compromised account.

Monitor Your System

It is important to regularly monitor your Linux system for any suspicious activity or updates. This can be done using various tools such as SSH, Fail2Ban, and UFW. Additionally, you should regularly check the system logs to ensure that there are no security issues or anomalies.

In conclusion, keeping your Linux system up to date and secure is crucial for protecting against potential attacks and vulnerabilities. By following these best practices, you can ensure that your system is well-protected and running smoothly. Remember to always use least privilege access, disable password logins, and monitor your system regularly for any security issues or updates.

The VMWare vExpert Program: A Community of Excellence

As a vExpert, I can confidently say that the best part of this program is the community. The members are truly valuable and always willing to help out. Whether it’s a question or a new technology to explore, there’s always someone who has done it before and can offer guidance. The sense of camaraderie and collaboration is unparalleled, and it’s a testament to the strength of the vExpert community that we can all come together to share knowledge and expertise.

One of the standout benefits of being a vExpert is the leadership. Corey and the team are always introducing us to new technologies and bringing us into vExpert sessions led by leading vendors. These sessions are an invaluable opportunity to learn from the best and get hands-on experience with cutting-edge technology. And let’s not forget the access to licenses that we can use for POC (proof of concept) and testing. This is a huge benefit for those of us who like to tinker and explore new ideas.

Last year, one of the benefits was receiving a Maxtang Mini PC as a gift (BYO RAM & HDD). While I was happy with my current Gigabyte/NVidia NUC, I decided to give the Maxtang a try. Unfortunately, the Realtek NIC was not supported, so I had to order some additional hardware to get it up and running. But that’s a story for another time.

One of the challenges I faced when installing VMWare on the Maxtang was the lack of support for USB network cards in the install ISO from VMWare. Luckily, the community has developed a ‘fling’ that supports USB network cards, so we have to create a custom ISO of ESXi and inject the drivers into the image. If you’re interested in learning more about this process, Florian Grehl from Virten.net has a great article on how to install the fling and make a custom ISO.

Once I got the ISO written to a USB, the installation was relatively smooth. I did have to disable TPM in the BIOS, as I was getting an error. But after that, I was able to install ESXi 8 and run a few VMs without issues. My plan is to install some Kubernetes and possibly NSX-T, so we’ll see how far I get.

In conclusion, the vExpert program is an incredible resource for anyone interested in virtualization technology. The community is top-notch, and the leadership is always pushing us to learn more and explore new ideas. So if you haven’t already, I highly recommend joining the vExpert program and becoming a part of this amazing community.

Thank you to the vExpert team and all those who support this program!

As a web developer, I have often found myself in situations where my clients are looking for customizable and editable features on their websites. One such feature that is commonly requested is the ability for users to display their social media profiles in a visually appealing format. Recently, I had a group of people who were registered on my website and wanted to showcase their Twitch accounts along with other social media profiles like Pinterest and TikTok. While updating the website’s theme did not add any new social icons, I found a simple solution by using custom PHP code as suggested in the Ultimate Member documentation.

In this blog post, I will share my experience of adding custom social fields to a WordPress website using Ultimate Member and how you can do it too.

The Problem and the Solution

The problem was that even after updating the theme, the users were not able to see their desired social media profiles on their user profiles. The solution was to use custom PHP code to add more social fields as suggested in the Ultimate Member documentation.

How to Add Custom Social Fields

To add custom social fields, you can use the following code snippet and add it to the file functions.php in the active theme directory. You can also create a child theme and update that one instead of editing the parent theme. This script will add Pinterest, TikTok, and Twitch, but you can modify it to add whatever social media platforms you want.

The code snippet is as follows:

“`php

function ultimate_member_custom_social_fields() {

$fields = array(

‘pinterest’ => ‘Pinterest’,

‘tiktok’ => ‘TikTok’,

‘twitch’ => ‘Twitch’,

);

return apply_filters(‘um_custom_social_fields’, $fields);

}

add_filter(‘um_social_fields’, ‘ultimate_member_custom_social_fields’);

“`php

In this code, we have defined an array of fields that will be displayed on the user profile page. These fields are Pinterest, TikTok, and Twitch. We have also added a filter to apply the custom social fields to the user profiles using the `um_custom_social_fields` hook.

Benefits of Using Custom PHP Code

Using custom PHP code to add custom social fields has several benefits. Firstly, it allows you to have complete control over the design and functionality of your website. You can modify the code to fit your specific needs and requirements. Secondly, it ensures that your website’s functionality is not limited by the theme or plugin that you are using. Finally, using custom PHP code makes your website more flexible and scalable as you can easily add new features without having to update the entire theme or plugin.

Conclusion

In this blog post, we have discussed how to add custom social fields to a WordPress website using Ultimate Member. We have also explored the benefits of using custom PHP code to achieve this feature. By following the steps outlined in this post, you can easily add custom social media profiles to your website and make it more visually appealing for your users. So go ahead and give it a try!