SMTP Forwarding in a Home Lab

byArron King 06.26.2023 Home Lab Linux

I use a small Linux VM in my environment to relay outbound SMTP using my e-mail provider. This is primarily used to get alerts and notifications from my Home Lab systems to my inbox.

My Ubuntu version was at end-of-life so it was time to rebuild with the latest version.  I thought this was a good time to publish my notes to help myself – and anyone else!

Acknowledgements

I relied on 3 different blog articles to get this setup.  I am sure there are other ways to accomplish this task; but these worked for me:

Goals

  • SMTP host capable of relaying emails from internal systems to my e-mail provider.
    • No inbound SMTP is needed or desired
    • SMTP had to send email using specific username/credentials
  • Initially it had to work with Gmail.  I had the legacy free version of Google Apps since 2010.  When that was initially announced to be shuttered, I moved all of my email services to Apple.  Shortly after I had moved everything.  Google announced it had changed its mind and was not shutting down Legacy G Suite after all; but that was too late for me.  The steps below work for both Gmail and Apple mail.

Continue reading “SMTP Forwarding in a Home Lab”

Update Network Fabric IP Info in Aria Automation using APIs

byArron King 06.02.2023 Aria Automation PowerCLI

I needed to update a few bits of information for the networks in my on-prem Aria Automation deployment (IPv4 CIDR, default gateway, domain, and DNS Info).  It would have been pretty easy to update via the GUI.  I thought learning to update Network Fabric IP Info in Aria Automation using APIs would be a great opportunity to learn.

I thought I would share what I found to hopefully help someone new to APIs. This could also be useful if someone needed to make these changes in bulk.    Let’s take a look!

Figuring things out

I started by reviewing the Aria Automation API Documentation (also known as the Swagger UI) built into each vRA install (in your environment go to https://your-vra-fqdn.com/automation-us/api/docs).  Under the Infrastructure As A Service category, I found some APIs for Network Profiles and vSphere Fabric Networks.

New to this?
Most APIs tend to mirror the organizational constructs you see in VMware products.  In this case, login to vRA Cloud Assembly and go to Infrastructure -> Network Profiles.  When you open a profile, you will see a Networks tab.  This contains the Network Fabrics/vSphere Network Fabrics defined for this profile

The Swagger UI will help describe how to use the APIs and even provides an interface to test them out.   I like using Postman for modeling and testing.  It gives me the ability to save collections of API calls and has very useful features which make the process of learning and using APIs much easier.

It took me a little time in Postman to understand how to properly interact with the the APIs to get the results I was looking for.

Continue reading “Update Network Fabric IP Info in Aria Automation using APIs”

Log Insight Custom SSL Cert Upgrade Issue

byArron King 04.20.2023 Aria Operations for Logs Certificates

Notes:

  • If you are reading this after 4/30/23 and the SSL Certificates on your Log Insight deployment have expired – check out KB 92080.  It contains the steps to replace the expired certificate in Log Insight.
  •  As of 4/25 – the documentation in the release notes and KB articles have been updated to clarify steps to help identify custom SSL Certificates that may need to be recreated for Log Insight 8.12.

I ran into an issue applying the 8.12 version update to my Log Insight deployment.  The upgrade failed fairly quickly and only sent a vague email that didn’t really provide any details.

The Log Insight upgrades I have done in the past have always gone smoothly and I haven’t had to really troubleshoot before, so I jumped onto the appliance via SSH to have a look.  After I bit of poking around I found  what I needed in the following file: /var/log/vmware/loginsight/upgrade.log

It contained an entry right before the errors:

Custom Certificate lacks “SSL client” purpose

 

 

 

 

 

I had replaced the self-signed certificates with custom certificates generated from the Microsoft CA in my environment but thought I had followed the the steps in the Log Insight Documentation for SSL Certificates to generate the certificate properly.

Continue reading “Log Insight Custom SSL Cert Upgrade Issue”

vToolbelt – May 2023

byArron King 04.20.2023 vToolBelt

Important Updates

This edition of the newsletter is being sent a few days early to deliver important news on Log Insight.

If you operate Log Insight 8– there is an important update you should review, test, and deploy immediately.  This new version (8.12) will  resolve 2 issues.

You can download the upgrade pack (PAK) for the new version (8.12) from VMware Customer Connect.

Please note – Log Insight is now known as Aria Operations for Logs.    This is part of the re-branding of the vRealize Suite to Aria Suite that was announced at VMware Explore last year.  You can read more about this later in the newsletter.

Continue reading “vToolbelt – May 2023”

vToolbelt – April 2023

byArron King 04.01.2023 vToolBelt

Welcome to April! 


Upcoming Events

VMware Explore 2023
Las Vegas, Nevada
August 21-24 2023

Registration opens April 25th!

You can use PSO credits to purchase a conference pass (full pricing information)

 Save the Date!

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

vSphere – vCenter and ESXi

Skyline– Free to upgrade – learn how.  This tool is free, easy, and useful.  If you are not using Skyline yet, check it out !

  • Skyline Collector 3.2 – 8/25/23

Continue reading “vToolbelt – April 2023”

vToolbelt – March 2023

byArron King 03.01.2023 vToolBelt

Welcome to March!

VMware Security Advisories

  • VMSA-2022-0027 – This existing advisory on NSX-V vulnerability has been updated to advise that there are active exploits in the wild.  If you are still running NSX-V and cannot migrate to NSX-T – please review – a patch has been made available.
  • VMSA-2023-0004 -Carbon Black App Control addresses injection vulnerability
  • VMSA-2023-0005 – vRealize Orchestrator update addresses XML External Entity vulnerability
  • VMSA-2023-0003 – Workspace ONE Content Update addresses passcode bypass vulnerability


Upcoming Events

VMware Explore 2023
Las Vegas, Nevada
August 21-24 2023

That’s right – VMware Explore is heading back to Las Vegas!  Save the Date!

Product Support Watch

The following products are nearing the End of General Support.  You can find the full list on the VMware Lifecycle Product Matrix.

vSphere – vCenter and ESXi

Skyline– Free to upgrade – learn how.  If you are not using Skyline yet, check it out !  This tool is free, easy, and useful

  • Skyline Collector 3.1 – 2/10/23
  • Skyline Collector 3.2 – 8/25/23

Continue reading “vToolbelt – March 2023”

VMUG Advantage – An essential tool to help you upgrade your skills

byArron King 02.10.2023 Education Home Lab VMUG

One of the necessities of working in IT is the need to continually learn and upgrade your skills.  Change is constant and can happen quickly.   Time is also limited – so I try to make the most of the time I spend learning.  I have found VMUG Advantage to be essential to helping me upgrade my skills and make the most of my time in the lab.

The Home Lab

I have worked at many companies in my career spanning multiple verticals, starting as a customer and then moving to a partner.  This path lead me to where I currently work – VMware.  Unfortunately, too few organizations are willing to invest the money or time to provide safe places for their people to learn.

A long time ago I decided to invest in myself.  I would not have been able to progress as I have without taking the time to learn and grow.  That is where VMUG Advantage comes in!

My home lab started small; but has grown as my needs have changed (and funds allowed).  The one thing that has always been a constant for me is time. We all have the same amount of time.  I have rarely had too much time my hands; but do try to use it wisely  ?

Most products usually come with short term evaluation licenses that let the curious explore product features and functionality.  The challenge is that when that license runs out in 30 or 60 days, I had to spend time tearing it all down just to re-install it again to get another free license.

Benefits of VMUG Advantage

VMUG Advantage provides 365 day evaluation licenses for over 15 different VMware solutions.  This helps me stop wasting time. If I still need to work with a product after the evaluation license expires, I simply download a new key from the subscription and immediately resume  what I was doing.  No rebuild needed!

VMUG Advantage also includes VMware TestDrive.  This is a cloud based service that allows you to try out features by spinning up a lab that is already set up and ready to go.  This can be very useful in a number of situations:

  • Quick Evaluations – perhaps even test out specific features without manually setting up an entire environment
  • Try out SaaS Products that you cannot setup in a home lab
  • Work with products which have significant hardware requirements – If your home lab is small or doesn’t have all of the right hardware needed for vSAN, NSX, or Tanzu you can work with it in TestDrive

Additional Discounts

Official VMware Training – You can get an additional 20-35% off from a number of official VMware courses

VMware Explore – VMUG Advantage members also get an exclusive discount for VMware Explore passes.

Invest in yourself

I absolutely believe that the investments I have made in my own career have had tremendous impact on my life.    Tools like VMUG Advantage allow you to get the most out of the time you spend learning and growing.  If you work with VMware products and are looking to grow your skillset, I highly recommend you check out the VMUG Advantage Difference today!

 

 

vToolbelt – February 2023

byArron King 02.06.2023 vToolBelt

Let’s talk Ransomware

I am sure most everyone has heard about the latest ransomware attack called “ESXiArgs”.  If you haven’t, two sites I follow have coverage [BleepingComputer and HackerNews].Ransomware uses a software exploit to gain access to a system and block access to that system until a sum of money is paid.  There are instances where this exploit is unknown (also known as a Zero Day exploit).    In the case of ESXiArgs, the attackers are targeting an exploit found in OpenSLP.  A patch for this issue was released in February 2022 via VMSA 2019-0022.    That date is not a typo – the patch has been available for about a year.

Please take a moment and review the VMSA above to ensure you are have applied the patch.  If you cannot patch immediately, KB 76372 has steps on disabling the OpenSLP service on your ESXi hosts until you are able to find a patch window.

Protecting against Ransomware

One of the best general ways to protect your organization is to apply the relevant security patches.  VMware publishes Security Advisories about it’s products. You can sign up to be notified when any new security advisory is published.

Continue reading “vToolbelt – February 2023”

ESX Host Prep with PowerCLI

byArron King 02.02.2023 PowerCLI Scripting vSphere

I often discuss ESX configuration with customers, and during a recent conversation the topic turned to Powershell  and automation.  This reminded of a script I wrote back in the vSphere 4.x days.    I was able to locate the file, and with just 2 minor changes found it still works with vSphere 7.  It is simple; but can save quite a bit of time.  Since that is one of the fundamentals of automation – I thought it worthy of sharing.

vSphere does offer a feature called Host Profiles that can help ensure hosts have the same configuration.  This feature does require Enterprise Plus licensing and can take some time to setup.  For those that use vSphere Standard or the older Enterprise licensing – Host Profiles are not an option.   That is where PowerCLI can be really useful!

Continue reading “ESX Host Prep with PowerCLI”

vToolbelt – January 2023

byArron King 01.06.2023 vToolBelt
I hope all of you had a Happy New Year – welcome to 2023.
I do want to take a moment and thank you for reading.  I have been working on this blog for a few years now with no real expectations other than trying to provide some information that is helpful to others.  Getting questions and feedback on what I write provides encouragement to keep going!
I don’t normally make much of New Year’s Resolutions; but thought it might help keep myself accountable so – Here goes!
  1. Focus more on Education – In almost every industry continual learning is a necessity to some degree.   I want to deepen my skillset and branch out a bit
  2. Blog more – The last quarter of 2022 has kept me busy with work and life.   The winter months should provide time to share what I am learning.  I have a few things on tap that may be of interest so stay tuned!
  3. Dedicate Time to Physical Health – I know this one is cliche; but for this first time it seems like I am headed in the right direction in this area.  Like many who may read this, I spend most of my time on the computer for work or hobby.   My wife and I recently decided to help each other be more active and eat better.  Doing this together really does seem to be working for us.    I have a workout streak going and am having success eating healthier food with little to no snacking.  Even after a short time my blood pressure is starting to trend in the right direction and so is the scale. Queue up Rule #1 ?
VMware Security Advisories
  • VMSA-2022-0030 – vCenter and ESXi updates address multiple security vulnerabilities
  • VMSA-2022-0031 – vRealize Network Insight updates address command injection and directory traversal vulnerabilities
  • VMSA-2022-0032 – Workspace ONE Access and Identity Manager updates address multiple security vulnerabilities.  Note: This also affects Identity Manger 3.3.6 used with vRealize Suite and Horizon
  • VMSA-2022-0033 – ESXi, Fusion, and Workstation updates address a heap out-of-bands vulnerability
  • VMSA-2022-0034 – vRealize Operations updated to address privilege escalation vulnerabilities

Continue reading “vToolbelt – January 2023”