Tag Archives: vSphere 5.5

Kerberos authentication for the PowerShell plugin in vCO 5.5

The ability to have vCO kick off PowerShell scripts is pretty awesome! And the fact that you can kick these off contextually inside of the vSphere Web Client is even more awesome! Even more awesome than that (yes, that’s a lot of awesome) are the new features offered with vCenter Orchestrator 5.5 – so, I’ve taken the plunge on one of my environments and upgraded. Since then I’ve been slowly migrating workflows over – one of which utilized the PowerShell plug-in. Now, since the appliance mode of vCO requires you to do a rip and replace rather than an upgrade (because I’m using the embedded database), I had to reinstall the PS plugin, which forced me to reconfigure the Kerberos settings on vCO. During this I realized that things are a little bit different than when I first blogged about vCO and PowerShell here. Below is how I got it to work…

First up is the WinRM setup on your PowerShell host. This process hasn’t changed from 5.1, however I’ll still include the steps and commands that need to be run below. Remember these are to be executed on the Windows box that you wish to run the PowerShell script from. Run them from an elevated cmd.exe prompt; in a PowerShell session the @{...} argument has to be wrapped in single quotes.

  • To create a WinRM listener and open any required firewall ports:
      winrm quickconfig
  • To enable Kerberos authentication:
      winrm set winrm/config/service/auth @{Kerberos="true"}
  • To allow transfer of unencrypted data:
      winrm set winrm/config/service @{AllowUnencrypted="true"}
  • To up the max memory per shell (I needed to do this to get things working):
      winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

Now on to the krb5.conf file – this is where things get a bit different. In vCO 5.1 we were required to edit the krb5.conf file located in /opt/vmo/jre/lib/security/ – well, if you go looking for that directory on 5.5 you won’t find it. Instead, we need to create our krb5.conf file in /usr/java/jre-vmware/lib/security/. As far as what goes in the file, it is the same and is listed below (obviously substituting your own domain for lab.local and your own DC for the kdc definition).

[libdefaults]
default_realm = LAB.LOCAL
udp_preference_limit = 1

[realms]
LAB.LOCAL = {
kdc = dc.LAB.LOCAL
default_domain = LAB.LOCAL
}

[domain_realm]
.lab.local=LAB.LOCAL
lab.local=LAB.LOCAL

After you have saved the file in the proper directory we need to modify the permissions.  The following line should get you the proper permissions to get everything working.

chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
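A quick way to confirm the file and its permissions ended up as described above, as an added example that is not part of the original post. The function name check_krb5 is hypothetical; it checks that section headers sit on their own lines, that the default realm has a kdc entry, and that the mode matches chmod 644.

```shell
#!/bin/sh
# Added example (not from the original post): lint a krb5.conf before vCO uses it.
# Usage: check_krb5 /usr/java/jre-vmware/lib/security/krb5.conf
check_krb5() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }

    # chmod 644 check: readable by everyone, writable only by the owner.
    perms=$(ls -ld "$f" | cut -c1-10)
    case $perms in
        -r??r-?r-?) ;;
        *) echo "FAIL: mode is $perms, expected -rw-r--r--"; rc=1 ;;
    esac

    awk '
    function bad(msg) { print "FAIL: line " NR ": " msg; err = 1 }
    function val(s)   { sub(/^[^=]*=[ \t]*/, "", s); return s }
    { sub(/[ \t\r]+$/, "") }                      # drop trailing blanks / CR
    /\[[a-z_]+\]/ && !/^[ \t]*\[[a-z_]+\]$/ {     # e.g. "x = 1   [realms]"
        bad("section header must be on its own line"); next }
    /^[ \t]*\[[a-z_]+\]$/ {
        sec = $0; gsub(/[^a-z_]/, "", sec)
        if (sec !~ /^(libdefaults|realms|domain_realm|capaths|appdefaults|logging|plugins)$/)
            bad("unknown section [" sec "]")
        next }
    sec == "libdefaults" && /^[ \t]*default_realm[ \t]*=/ { realm = val($0) }
    sec == "realms" && /=[ \t]*[{]/ {             # start of a realm block
        cur = $0; sub(/^[ \t]+/, "", cur); sub(/[ \t]*=.*/, "", cur) }
    sec == "realms" && /^[ \t]*kdc[ \t]*=/ { kdc[cur] = val($0) }
    sec == "realms" && /[}]/ { cur = "" }
    END {
        if (realm == "") { print "FAIL: no default_realm in [libdefaults]"; err = 1 }
        else if (!(realm in kdc)) { print "FAIL: no kdc for realm " realm; err = 1 }
        else print "OK: realm " realm " -> kdc " kdc[realm]
        exit err + 0
    }' "$f" || rc=1
    return $rc
}

# Run against a file when one is given on the command line.
if [ $# -gt 0 ]; then check_krb5 "$1"; fi
```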

Just a few other notes! You might want to modify your /etc/hosts file and be sure that you are able to resolve the FQDNs of both your DC and the PowerShell host you plan to use. Also, when adding the PowerShell host be sure to select Kerberos as your authentication type and enter your credentials using the ‘[email protected]’ format.

For now, that should get you automating like a champ!

Friday Shorts – #vBrownBag Automation, VM Consoles, #vPodcasting and more

I'm very important. I have many leather-bound books and my apartment smells of rich mahogany. – Ron Burgundy (Will Ferrell) from Anchorman

Automate All The Things

Have you heard? The #vBrownBag crew have queued up quite the automation track for their podcast – one that at the moment is running straight into December. So – if you have any interest in learning more from some really really ridiculously smart people and industry experts in topics revolving around PowerCLI, vCenter Orchestrator, or vCloud Automation Center I highly recommend you check out the Automate All The Things podcasts by the #vBrownBag crew!

More Ghetto Goodness

Yup you're right! I'm talking about Mr William Lam's site VirtuallyGhetto! I don't know if everyone has already seen this but he has a wicked awesome post about how to generate a pre-authenticated HTML5 console for your VMs! Pretty awesome stuff that could certainly fulfill some cool use cases in my environments. Be sure to follow this blog religiously as William is always knocking posts out of the park with awesome content!

#vPodcasting

Let's face it! Cancer has probably affected most of us in some way or another at one point in our lives. With recent news of the way it has affected Gabe Chapman (a fellow #vDB, super awesome community member, and all round awesome guy), Trevor Pott has teamed up with a few other community members and started up #vPodcasting – an effort to try and raise awareness and money to donate to the American Cancer Society in exchange for some knowledge dropping podcasts! So, if you have a few dollars to spare head over and donate. They have already raised over $10,000 – over double their initial goal so kudos to Trevor and everyone who has helped out! It's amazing to see a tech community come together like they have for this!

vSphere 5.5 Performance

The ever so popular VMware Performance Best Practice whitepaper is back – this time dealing with vSphere 5.5! This whitepaper is very very thorough and contains best practices for most all of the components of the vSphere stack. Also there is some information about some of the new features too such as vSphere Flash Read Cache and the new latency sensitive application settings! Highly recommend this to anyone.