All posts by Jonathan Medd

Modifying Icons in vRA with PowerShell

There have recently been a number of blog posts around modifying the All Services icon in vRA, and how to change it programmatically:

We had a new feature request open in PowervRA for a while to do the same thing, so I figured it would be a good time to go and add it, so that the same change to the icon could be done from PowerShell. We decided to take a slightly more generic approach than just the All Services icon and make it possible to upload any icon and use it to modify any service or other element within vRA that supports modifying the icon via the API.

So in release 2.1 of PowervRA you will find some new functions for working with icons:

Modify the All Services Icon

Note: Modifying the All Services icon will affect all vRA tenants and requires admin permission to the default tenant. Ensure you are comfortable with this before going ahead!

The icon for All Services is known within vRA as cafe_default_icon_genericAllServices. You can find out more about it with Get-vRAIcon:

To update it, use Import-vRAIcon. The API documentation lets us know that it will either create a new icon or overwrite an existing one. Since the All Services icon already exists, it will be overwritten when you import a new one:

You can also set it back to the original brick icon with Remove-vRAIcon, since the API description states that for deleting an icon which is one of the default system icons, it will be reverted to its default state:

Modify a Custom Service

Note: for this piece you will need admin permissions in the Tenant the Service belongs to

Modifying the icon for your own created service is very straightforward process: import a new icon to the Catalog Service and then update the existing service with the new icon. In this example we’ll modify the icon for Service02:

We can find the name of the currently used icon with Get-vRAService and see that the default icon name is cafe_default_icon_genericService:

To change it, do the following:

Modify a Catalog Item

Note: for this piece you will need admin permissions in the Tenant the Catalog Item belongs to

As mentioned, we’re not just restricted to modifying Service icons, other icons can be changed too. For example we can update the icon of a Catalog Item. Again upload an icon first, then update the Catalog Item with it:

We can find the name of the currently used icon with Get-vRACatalogItem and see that the  icon name is vcoIcon_256x256.png:

To update, use the following:

UK South Coast PowerShell User Group

There are a number of PowerShell User Groups in the UK, but unfortunately none for me that are easy to get to with my home location and work commitments. So I am gathering interest in a UK South Coast PowerShell User Group for coders of all experience levels.

The purpose of this initial meetup is to test the viability of running a PowerShell meetup in Southampton on a regular basis. Hopefully we will get enough interest to take this forward and start running sessions with PowerShell content for everyone to learn from.

If you live in the area and have an interest in PowerShell, we’d love to see you there.

 

Preparing for 70-533: Implementing Microsoft Azure Infrastructure Solutions

I’m not a massive fan of certifications, but I understand why people do them and the benefits which can arise from the whole process of achieving them.  I did a lot of them in the past when my career was more geared around infrastructure work rather than coding. However, I wanted to learn about Microsoft Azure and since it is such a large topic to get to grips with, decided that pursuing the 70-533: Implementing Microsoft Azure Infrastructure Solutions exam would be a good way to focus on learning an initial subset of what is available to work with in Azure.

Currently, as of 20/03/2017, there are a couple of Azure exam bundle deals available which are worth checking out. Basically, for roughly just under the cost of taking the exam on its own, you get a free resit voucher and a MeasureUp practise test thrown in as part of the bundle. I found the MeasureUp test a pretty good barometer for where I was with my learning and ended up going over all of the topics again to gain a better understanding that the practise test was highlighting was needed. These practise tests can be a bit hit and miss in my past experience, but I thought this one was a pretty good indicator of what the actual exam turned out to be like.

 

Objectives

I used a lot of different resources to prepare for the exam, the homepage is the obvious first place to start so you are aware of which areas of Azure are being tested.

https://buildazure.com has some info about how the exam changed towards the end of 2016 to be more focused on ARM rather than ASM:

Azure Infrastructure Exam (70-533) Gets ARM Refresh

Being comfortable with PowerShell and JSON is a pre-requisite before attempting any of the training I would suggest.

Resources

Once familiar with the objectives I used some online training as the largest part of my learning experience:

Implementing Microsoft Azure Infrastructure Solutions (70-533) from Pluralsight; some of it is a little out of date given the above exam changes, but still a very useful starting point

Azure Resource Manager Deep Dive from Pluralsight

I also watched a few chapters from Architecting Microsoft Azure Solutions (70-534) on Pluralsight. Even though it was for a different exam, there is still a lot of crossover and it was useful for a review of topics I had already covered.

Having then started on the MeasureUp practice test and realised more work was required I tried out the free Microsoft Azure training mentioned as part of their bundle offering above, which is free to anyone even if not signing up to one of the bundles. If you don’t have access to Pluralsight then this would be a good place to start. In my case I found it useful to revisit topics I had already learnt. This site was also good for the extra practice questions it contains.

Craig Kilborn has some useful info on his site:

70-533: Implementing Microsoft Azure Infrastructure Solutions – Prep & Exam Experience

The Microsoft site Channel 9 has a large Azure section of videos to choose from. In particular finding relevant videos in the Azure Fridays series was good as a refresher as the exam date approached, for example Azure ScaleSets  or Azure CDN.

Finally, I found it really useful to team up with a colleague who is going for the same exam and regularly review things learnt and compare notes – I learnt a lot from doing this and would suggest trying the same if you can.

Last Minute Preparation

As some last minute preparation for the exam I committed to memory as much as possible from the key facts around Azure Web Apps, Azure SQL and Azure VMs, such as in the below screenshots from the Azure portal for Web Apps. Then at the beginning of the exam, I wrote down as much as possible that I could remember on the materials provided before tackling the questions.

This is part of the reason why I don’t like certs since to me it is fairly pointless to memorise something that could easily be looked up if necessary. However, it was worth it for having a good awareness of, for instance which Web App tier would be suitable for a described application type.

 

You can obtain similar information from the portal for Azure SQL and Azure VMs.

and then Happy Days 🙂

powershell.exe version parameter

PowerShell v6 Alpha 17 has been released and contains an interesting change with the version parameter when applied to powershell.exe. Some discussion around it can be found here and here.

When using a Linux based shell, supplying the version parameter returns the version of the shell:

You can now do a similar thing in PowerShell Core:

Note that using $psversiontable still gives you fuller information:

This is slightly different from the pre-v6 PowerShell version on Windows where the version parameter requires an argument:

For example, you can start PowerShell version 2 from a PowerShell version 5.1 console:

 

There’s discussion in the Github issues about whether that particular functionality of running different PowerShell versions will be taken forward in PowerShell Core.

 

 

 

Create an Azure Storage Blob Container with PowerShell

My observations so far with the Azure PowerShell experience have been somewhat mixed and the example in this post will give you a flavour of that. I wanted to create a new Storage Blob Container via PowerShell, rather than through the below process in the web portal:

I looked for cmdlets which could potentially be used:

However, it returned nothing from the AzureRM module, only the Azure module. (There are currently two modules you need to use when working with Azure, some more info here and here) To say this can get confusing when you are new to the topic is an understatement, hopefully this situation is going to improve significantly ASAP.

So it looks like I need to use New-AzureStorageContainer from the original Azure module, however there do not appear to be any examples which show you how to add it into the desired place, i.e. Resource Group and Storage Account:

So far I have found two different ways to get this done:

1)Set the current Storage Account

I found a StackOverflow post with an example. You need to first of all call a cmdlet from the AzureRM module to set the current Storage Account (note line 2 is the weird response you get from running the command in line 1, i.e. just a string with the name of the current Storage Account, not an object representing it):

Now I can use New-AzureStorageContainer and it will get created in the correct place:

2) Use Storage Account Keys

Within a Storage Account are two Access keys which can be used for automation:

We only need one of the keys, but the following will retrieve both and then we pick out the first key value:

Now using one of the key values we can set the Storage Context:

Note: the above doesn’t actually seem to perform any validation on whether a Storage Account with that name exists. I initially had a typo in  the name and when using the next command generated the error: New-AzureStorageContainer : The remote name could not be resolved: ‘jmtest01.blob.core.windows.net’

Now if we have used the correct name for an existing Storage Account we can create the Storage Container using the generated Storage Context:

Please leave a comment if I have missed an easier way to do it, I’d love to know 🙂

New-AzureRmResourceGroupDeployment : A parameter cannot be found that matches parameter name

New-AzureRmResourceGroupDeployment generates the following error:

New-AzureRmResourceGroupDeployment `
-Name $resourceDeploymentName `
-ResourceGroupName $resourceGroupName `
-TemplateFile $template `
@additionalParameters `
-Verbose -Force
New-AzureRmResourceGroupDeployment : A parameter cannot be found that matches parameter name ‘xxxxxxxxxxx’.
At line:5 char:5
+ @additionalParameters `
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-AzureRmResourceGroupDeployment], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

This kind of error seems fairly in tune with the experience I have had so far with the AzureRM PowerShell module, i.e. the error has seemingly nothing to do with the actual problem. While I spent a fair amount of time checking the parameter ‘xxxxxx’ in the ARM JSON file and found nothing wrong, it turned out that a syntax error elsewhere in the file was causing the problem. An error message pointing to that kind of problem would have been a lot more helpful!

Solve the syntax issue and this error goes away.

Issues with Mounting a CIFS Share on the vRO Appliance

This article on the vCOTeam site details how to mount a CIFS share on the vRO Appliance so that workflows can write files directly to a Windows File Share rather than using another process to copy the file over there.

This was straightforward to implement in a lab scenario, however within a corporate environment with more restrictions around security and networking it can potentially be more of a challenge. Specifically we encountered the following error response from a Windows Server seemingly configured correctly for Share and NTFS permssions on the folder to mount:

Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
CIFS VFS: Send error in SessSetup = -13
CIFS VFS: cifs_mount failed w/return code = -13

This post on a Centos forum helped us track down the problem, i.e. there was at least one Group Policy restricting the use of NTLM.

“It turned out in my case to be a Group policy which was set to Send NTLMv2 responses only. Refuse LM and NTLM. I changed this to Send LM & NTLM -use NTLMv2 session security if negotiated.

Located at: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options. The policy is called: Network Security: Lan Manager authentication level.”

In our case there were also other NTLM policies that needed to be considered, so worth checking any of these:

Also worth checking the policy: Microsoft network server: Digitally sign communications (always):

It is also possible to use different security settings within the /etc/fstab file on the vRO appliance, eventually we settled on sec=ntlmssp, however I believe the following are also possibilities: sec=ntlm, sec=ntlmv2, sec=ker5 and sec=ker5i

You may also want to consider using a credentials file rather than the username=xxx,password=xxxx in the /etc/fstab file if you want to get this past your security person 😉

PowervRA – Now available on OS X and Linux via PowerShell Core!

Back Story

For a while Craig and I have had a number of requests regarding offering OS X and Linux support to PowervRA, particularly since in case you weren’t aware PowerShell is now available on those OSs and 3rd party modules such as PowerCLI are heading towards supporting that. We first looked at offering this support for PowervRA when the first Alpha release of PowerShell Core was shipped, however we were blocked by a couple of issues, particularly this one regarding certificate checking.

However, back in December I read about how the guys who maintain PowerNSX had been able to offer PowerShell Core support and they had also been blocked by that same issue which has now been resolved. So we updated to PowerShell Core Alpha 14 and started testing again – it seemed that another blocking issue around JSON responses had also been resolved, so things were looking good.

As it turned out, there weren’t a significantly large amount of changes which actually needed to be made on our side – some changes to the Connect-vRAServer and Invoke-vRARestMethod functions to do different things depending on whether PowerShell Core is being used. The scale of community feedback to the alpha releases of PowerShell Core and the efforts of the PowerShell team at Microsoft look like they have had a great impact and covered off a lot of the issues we might have had and the feedback has been quickly taken into subsequent alpha releases.

We benefited from the fact that we have previously invested quality time in producing integration tests for PowervRA, consequently we were able to run the same tests using a PowerShell Core client and only ended up with a couple of bugs that we are currently unable to resolve (here and here) , but looks like at least one of them is scheduled to be fixed for us via a milestone of PowerShell Core beta.

So in release 2.0.0 of PowervRA we are very pleased to bring you support for PowerShell Core!

Requirements

You will need:

PowerShell Core Alpha 14 + ….instructions on getting it installed for different OS flavours can be found here.

PowervRA 2.0.0 + . Get a copy of PowervRA onto the Linux  or OS X machine you want to run it from. Use the following to download it  from the PowerShell Gallery:

or manually copy the module yourself to one of the locations listed in $env:PSModulePath, for example:

In Action

OS X

Here’s PowervRA on my Macbook:

Connect to vRA

Retrieve Blueprint Details

Update a Reservation Policy

Ubuntu 16.04

Here’s PowervRA on Ubuntu 16.04:

Connect to vRA

Retrieve Business Group Details

Update a Network Profile

 

Docker

Craig has done some cool work to make PowervRA available via Docker. Check out his blog post for more details.

Also, many thanks to Alan Renouf for suggesting PowervRA now be made available hosted in the PowerCLI Core Docker Hub too.

Side Note

In PowervRA 2.0.0 we have also made some under the hood changes that it is worth being aware of (check the changelog for more details):

  • Module Restructure Part 1: we changed the functions from being their own individual nested modules in *.psm1 files to more simply being in *.ps1 files and made part of the module in a different way. This was a way I had historically put my modules together, but now have spent some time improving on it to a better way.
  • Module Restructure Part 2:  a number of functions had been marked in recent releases as deprecated, they have now been removed.
  • Module Restructure Part 3: we had previously started moving the functions into folders based on their API endpoint, this is now complete across all of the functions:

Issues

We believe we have covered off most issues with using PowervRA on PowerShell Core via our testing process, but if you do experience anything we have missed then please let us know here.

We are aware of one issue with running PowervRA on CentOS, which appears to be something not just relevant for us and should get fixed upstream in .Net Core.

Summary

We’re really pleased to be able to bring this support to PowervRA and much kudos to the PowerShell team and the wider community for making it both possible and relatively straightforward. We hope you find it useful given we know a significant part of our potentially user base are OS X users.

Also stay tuned because we are not stopping there. There is other planned new PowervRA functionality on the horizon ……

ConvertTo-Json – Working with the Depth Parameter

A couple of times I have got tripped up by the fact that the Depth parameter for ConvertTo-Json has a default value of 2. So for an object something like this with multiple sub-objects, you will have problems if you don’t specify a higher value for that parameter.

If we send the original object through to ConvertTo-Json with the default value for Depth, then we’ll get the following and you’ll observe that only the first two levels have been dealt with properly:

Using a Depth parameter set to level 10 we get a better result:

So mostly it is just a case of remembering that it may be required to use the Depth parameter. A default value of 2 seems a little low, but I guess there must be a reason for it. In practical terms, I got a bit lazy with this and rather than check what the exact value should be each time, I set a high value which I knew would never be reached, let’s say 200. However, some changes in PowerShell seem to have been introduced since the WMF 5.1 preview / 6.0 alpha which results in the following error:

The maximum depth allowed for serialization is 100.

So it appears that there is now a maximum value of 100 for the Depth parameter. Re-working all mentions from 200 to 100 resolved the problem.