HomeLab Rookie – Networking Mis-steps-stakes

So going along with last post about how I am really not great with the administration of vSphere, or the setup (last time was 5.5). It’s time to look at the more fundamental stuff, and how bad I am with the network component.

Addendum: I hope these help someone out there grow themselves. I know I’m growing in leaps and bounds as I learn through doing.

My goal was to create 2 subnets, one for home and one for the lab. I want these to be open to each other to an extent (L2) but still be stable (still working on that part).

Ubiquiti

So I decided to grab some Ubiquiti networking pieces to start. I grabbed the Ubiquiti Edge Switch to go along with my Netgear Nighthawk router. I was looking for VLAN capabilities, and my goal was to set up the subnets on the router and then pass them through on the switch.

Learning point 1: VLANs

So it’s worth pointing out that VLANs on the features of a product don’t really mean SUBNET/VLANs. This kinda bit me in the butt a while, because I ended up trying to create one basic subnet and tried to create a VLAN with a different subnet… No Bueno… In fact, when I created VLANs on the router, the whole thing crashed. However, I found out that the Ubiquiti switch I had was a dream to work with (after I updated the firmware). However, I looked and looked and the switch can pass through VLANs, but again, not subnet it.

Learning point 2: Devices

So for anyone looking into doing this, it’s worth looking into your ISP and seeing if more speed is needed. I found out that I was more than doubling my devices and would need to look into my speed usage. It may not be an issue, but for me I found out that for a small figure I’d double my speed. So sure! I got a lot of OVAs to download anyway 😉

Learning point 3: Unified Management

So there I was swapping from Netgear to Ubiquiti and back. Finally I gave in and bought the Ubiquiti Edge Router. I went with this one ’cause the price point didn’t faze me and the functionality of the router looked tremendous. Well, I learned how much this thing could do. I literally love this little box that could. It does the subnet VLANs that I wanted as well as DHCP servers for both subnets. I went with the WAN+2LAN2 connection and set my home to a 192, and my lab to a 10. Oh man, I love this thing.

The firewall, services, natting, just so much for me to learn in this tiny little box. Once I got this set up, I changed my Netgear into an access point, and set the ISP connection to static from the router. One thing about the Ubiquiti Edge Router though: these small boxes use a big plug, so they take up like 2-3 spots in the UPS. Which leads me to the next point.

Learning point 4: Power

If you saw where I am going, it gets better. So every hour or so my whole network would just crash. I’d lose both my LAB and home networks and it would cause some severe anger in my brain (I think I have a couple extra knots in my back from it). I went through SOOO many settings to figure out what it is. I reset the firewall settings (which wasn’t easy considering all I’ve done before was Windows Firewall). Set specific VLAN subnets and reset. Set port forwarding when I couldn’t figure out why I needed to. Well, this went on for about a month (which is also why I have been slacking on posts). I just couldn’t move forward with an unstable lab. Well, yesterday I was at the end of my tether. I troubleshooted each device one at a time. During troubleshooting each device my anger boiled. Finally I found out the little box that could was the culprit. It would crash and everything would just die. So I pulled it out to RMA it to get another one, or the gateway (as I hear good things about it). When lo and behold I realized it… I had plugged the central router into a crappy extension cord. *Le Sigh*. Just… no…. If you use a UPS like me and find you’re missing ports… Get These

Thoughts

I can’t express how much I’ve grown doing these things. I’ve figured out so much and learned in this past month more about architecture than in the past couple years.

IT is so segregated right now that we lose sight that each feature has to be troubleshot differently, and it’s really hard. Especially for a Rookie to try to keep swapping gears. I’ve learned from the pure Windows standpoint, then PowerShell automation, then vRA. I’ve never been allowed to play with the other parts. But with this Lab, I’m getting to. If you’re on the edge thinking if a home lab is worth it… It is. Even in a corporate lab, I still wouldn’t learn this much. However, if you’re not interested in the whole stack, why deal with the trouble, right? (And it is Trouble.)

RELEASES

This week vRA 7.6 was released, doing some EXTREMELY needed updates to Orchestrator. vROps 7.5 was also released, plus ESXi 6.7 U2. Get to downloading and updating, folks! Now go break stuff, and learn how to fix it.

 

The One About Tagging..

So with the future of datacenter segmentation looking like tagging, in IT we have seen a major push towards VM tagging around the cubes. Well, at least I have.

Let’s not mince words. I hated tags. It was basically like putting a sticky note on a machine with no management to make sure things ARE tagged, and no way to easily do tag assignment in bulk. Sound familiar… maybe like a naming convention? Here was the RUB for me. A naming convention is right in front of everyone’s face and it puts the devs in line. Tagging, however, is 100% infrastructure team (or virtual team depending on your organization size). Well, by the end of this post I should think better of tags… and maybe you will too?

PowerCLI

Get PowerCLI

Let’s be real. If you’re not using PowerCLI for automated management of your vCenter, you’re doing yourself a disservice. For one, it’s a really good resource to pull information across the entire vCenter and dump it in front of yourself in different formats (.csv, .xml etc.). Another is that PowerCLI allows assignment and adjustment across multiple VMs. So for tags, of course PowerCLI would be your go-to for assignment, adjustment, and removal.

There are multiple code sources out there for tag assignment. Here are a couple excerpts. NOTE: always remember to connect to the proper vCenter for the tags. Connecting to vCenter B to assign a tag to a VM in vCenter A will not work, even if the IDs are identical.

# vcenteruser / vcenterpassword are placeholders; Connect-VIServer also accepts -Credential (Get-Credential), which keeps the password off the command line
Connect-VIServer -Server vcenter1 -User vcenteruser -Password vcenterpassword

This connects your client machine to the needed vCenter. Though tag ID is now the same across linked vCenters, PowerCLI needs you to connect to the VM’s vCenter to assign the tag. We’ll get more into this later.

From here you can run your gets, removals, and assignments of tags by NAME. So:

Get-Tag -Name 'tagname'

This can be set to a variable like: $tag = Get-Tag -Name 'tagname' which can then be assigned to a VM. So let’s just see a simple VM get and tag assignment.

$vms = Get-VM vmname*
$tag = Get-Tag -name "TheCoolestTag"
$vms | New-TagAssignment -Tag $tag

NOTE: the asterisk after “vmname” is a wildcard; it actually pulls a group of VMs starting with “vmname”. If you want to do one at a time (and why would you), remove the * and put the full VM name.

Just a simple get and assign of tags through PowerCLI. Now let’s look at the same thing via vRO.

vRealize Orchestrator

Now in vRA deployments you want to tag all VMs properly so that they have the proper tags needed for management. The built in library has several tag based workflows out of the box, but first you need to run through some setup.

First create a vAPI endpoint to your vCenter. The workflow is found in the library -> VAPI -> “Import VAPI Metamodel” (the VAPI endpoint will be added as well).

[Image: metamodel]

You want to use Secure Protocol Connection so that the endpoint is used for future orchestration. Input the name of the vCenter (plus /api), so https://vcenterlink.com/api. Input a username/password combination that will not change (service account if possible), and select to add the vAPI endpoint.

This will create the connection for you for tagging. Now, let’s talk about that tagging assignment, and gets; this is where it can get a little tricky. The library for tagging is found in library -> VAPI -> Examples -> Tags. This includes creating categories, tags, and assigning tags. In the “examples” folder you will find some “Get” workflows, but if you run them you get a CSV string of all the IDs of the tags. I don’t know about you, but I don’t remember tags by IDs.

So, how do we do a pull by name? Well, there is an action in vRO for findTagByName in com.vmware.vapi.tags. This takes an input of the vAPI endpoint (the metamodel is needed, so it should be there if you followed above), name, and whether you want to run it as case sensitive (boolean). Now, you can take this workflow and run a System.log after the action for the needed information. Here is what my workflow looks like:

[Image: tagworkflow]

This should return the information you need to tag VMs with the specific tag. You should be all set using the built-in workflow “Associate vSphere tag to VM”. This workflow needs the API, the ID of the tag (tagId) and the VM:

[Image: associatetag]

But let’s make a quick change to that workflow’s “Scriptable task”. Currently the built-in workflow (as of 7.5) shows this:

if (vapiEndpoint == null) {
    throw "'endpoint' parameter should not be null";
}
if (tagId == null) {
    throw "'tagId' parameter should not be null";
}
var i = 0;
while (i<5) {
    try {
        var client = vapiEndpoint.client();
        var tagging = new com_vmware_cis_tagging_tag__association(client);
        var enumerationId = new com_vmware_vapi_std_dynamic__ID();
        enumerationId.id = vcVm.id;
        enumerationId.type = vcVm.vimType;
        tagging.attach(tagId, enumerationId);
        System.debug("Tag ID " + tagId + " assigned to VC VM " + vcVm.name);
        i=5; // success: leave the loop
    } catch(e) {
        System.debug("Associating " + tagId + " failed. Retrying " + i + " of 5 attempts");
        i++;
        // "=" assigns 4 to i instead of comparing, so i<5 is true again after every failure
        if (i=4) { System.error(e.message); }
    }
}


There are some opportunities for this workflow. First, if you use this out of the box and put in an incorrect tag, it will continually cycle. Second, if you fix the cycle, it will never fail. So here is the code with my adjustments to ensure it only tries 5x, fails on the 5th, and sends the exception.

if (vapiEndpoint == null) {
    throw "'endpoint' parameter should not be null";
}
if (tagId == null) {
    throw "'tagId' parameter should not be null";
}

var i = 0;
// Loop bound raised to 6 so the i==6 check in the catch can fire
while (i<6) {
    try {
        var client = vapiEndpoint.client();
        var tagging = new com_vmware_cis_tagging_tag__association(client);
        var enumerationId = new com_vmware_vapi_std_dynamic__ID();
        enumerationId.id = vcVm.id;
        enumerationId.type = vcVm.vimType;
        tagging.attach(tagId, enumerationId);
        System.debug("Tag ID " + tagId + " assigned to VC VM " + vcVm.name);
        i=6; // success: leave the loop
    } catch(e) {
        System.debug("Associating " + tagId + " failed. Retrying " + i + " of 5 attempts");
        i++;
        // "==" compares; on the last pass log the error and fail the workflow
        if (i==6) {
            System.error(e.message);
            throw e.message;
        }
    }
}


Let’s go through the changes:

  1. To try “5 out of 5”. The end catch should be 6 not 4…
  2. Change the “while” clause to 6 so that the catch runs at 6 and it doesn’t just end successfully.
  3. Finally “throw e.message” will make the workflow actually fail. If you just want the log, but want the workflow to continue, you can remove this.
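
The two loop behaviours described above, modelled as an added Node.js example so they can be run outside vRO (this is not the built-in workflow's code and not the author's). The names `makeAttach`, `builtinLoop`, `adjustedLoop` and the `guard` cap are hypothetical, and the stub stands in for `tagging.attach`.

```javascript
// Added example: a Node.js model of the two retry loops, not vRO code.
// makeAttach(n) is a constructed stub for tagging.attach(): it throws on
// its first n calls, then succeeds. Use Infinity for a tag ID that never works.
function makeAttach(failures) {
  var calls = 0;
  function attach() {
    calls++;
    if (calls <= failures) { throw new Error("constructed attach failure"); }
  }
  attach.calls = function () { return calls; };
  return attach;
}

// Built-in logic. "if (i = 4)" assigns 4 to i, so after any failure the
// condition i < 5 holds again. guard exists only so this demo can stop.
function builtinLoop(attach, guard) {
  var i = 0, spins = 0;
  while (i < 5) {
    if (++spins > guard) { return "still looping after " + attach.calls() + " calls"; }
    try {
      attach();
      i = 5;
    } catch (e) {
      i++;
      if (i = 4) { /* System.error(e.message) in the workflow */ }
    }
  }
  return "attached after " + attach.calls() + " calls";
}

// Adjusted logic with the bound as a parameter (the post uses 6):
// "==" compares instead of assigning, and the throw fails the caller.
function adjustedLoop(attach, limit) {
  var i = 0;
  while (i < limit) {
    try {
      attach();
      i = limit;
    } catch (e) {
      i++;
      if (i == limit) { throw e.message; }
    }
  }
  return "attached after " + attach.calls() + " calls";
}

console.log(builtinLoop(makeAttach(Infinity), 1000));
console.log(adjustedLoop(makeAttach(2), 6));
try { adjustedLoop(makeAttach(Infinity), 6); } catch (msg) { console.log("failed: " + msg); }
```
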

**NOTE** You can attach multiple tags this way, just duplicate the workflow and add attributes for each tag ID, adjusting the script to use the proper attribute variables one at a time, per vAPI.

Now, with this workflow and inputs you should be able to add tags to your VMs, with property assignment, and subscriptions. That’s for another time I suppose.