Prepare VEBA for PoC

2021-03-30

Configure VEBA for a lab or PoC environment. This post is part of a series on configuring VEBA (OpenFaaS for VMware event-based alerting).

Summary tasks:

  1. Prepare Harbor for VEBA
  2. Deploy and configure VEBA
  3. Configure openfaas CLI as interface to VEBA
  4. Prepare the openfaas container image
  5. Sample use case notification to telegram
  6. Check the Logs
  7. Check Telegram Notification

Prepare Harbor for VEBA

  1. Create project in Harbor
  2. Configure Garbage Collection so that disk space consumption in the lab or PoC environment is kept to a minimum

Deploy and Configure VEBA

PREREQ: configure DNS to match the FQDN. VEBA uses Kubernetes ingress.
In my lab, I use veba.corp.tanzu as my VEBA FQDN.

  1. Download OVA from https://flings.vmware.com/vmware-event-broker-appliance
  2. Deploy the OVA and complete the configuration wizard.

Configure openfaas CLI as interface to VEBA

  1. Configure the insecure registry so OpenFaaS can push the container image

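    # insecure-registries entries are host:port, without a URL scheme.
    # Note: this overwrites any existing /etc/docker/daemon.json.
    cat > /etc/docker/daemon.json << EOF
    {
      "insecure-registries": ["192.168.110.101:80"]
    }
    EOF
    systemctl restart docker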
  2. Download openfaas CLI

    root@veba-cli [ ~/harbor ]# curl -sSL https://cli.openfaas.com | sh
    Finding latest version from GitHub
    0.12.21
    Downloading package https://github.com/openfaas/faas-cli/releases/download/0.12.21/faas-cli as /tmp/faas-cli
    Download complete.

    Running with sufficient permissions to attempt to move faas-cli to /usr/local/bin
    New version of faas-cli installed to /usr/local/bin
    Creating alias 'faas' for 'faas-cli'.
      ___                   _____           ____
     / _ \ _ __   ___ _ __ |  ___|_ _  __ _/ ___|
    | | | | '_ \ / _ \ '_ \| |_ / _` |/ _` \___ \
    | |_| | |_) |  __/ | | |  _| (_| | (_| |___) |
     \___/| .__/ \___|_| |_|_|  \__,_|\__,_|____/
          |_|

    CLI:
    commit: 598336a0cad38a79d5466e6a3a9aebab4fc61ba9
    version: 0.12.21
  3. Configure environment variables for VEBA

    VEBA_GATEWAY=https://veba.corp.tanzu
    export OPENFAAS_URL=${VEBA_GATEWAY}
  4. Login to VEBA

    ubuntu@cli-vm:~/veba$ echo VMware1! | faas-cli login --password-stdin --tls-no-verify
    Calling the OpenFaaS server to validate the credentials...
    credentials saved for admin https://veba.corp.tanzu
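
An alternative to piping the password through `echo` in step 4, which leaves it in shell history: read it from a file that only its owner can access. This is an added example, not part of the original post; the helper names, the password file path and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names and the password
# file path are assumptions; stat -c is the GNU coreutils form.

# Return 0 only for a regular file that grants nothing to group or others.
secret_file_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# veba_login GATEWAY_URL PASSWORD_FILE
# Feeds the password to faas-cli on stdin so it never appears on a command
# line or in shell history.
veba_login() {
    if ! secret_file_ok "$2"; then
        echo "refusing to use $2: need a regular file with no group/other permissions" >&2
        return 1
    fi
    # --tls-no-verify is kept from the post; drop it once the gateway
    # certificate is trusted by this host.
    faas-cli login --gateway "$1" --username admin \
        --password-stdin --tls-no-verify < "$2"
}

# Usage (interactive; read -s is a bash feature, so this part needs bash):
#   umask 077
#   read -r -s -p 'VEBA admin password: ' pw && printf '%s\n' "$pw" > ~/.veba-pass
#   unset pw
#   veba_login https://veba.corp.tanzu ~/.veba-pass
```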

Prepare the openfaas container image

  1. Get the image to be used for OpenFaaS. In this PoC, I use PowerCLI. Since Docker limits image pulls, make sure you are logged in with docker login.

    root@veba-cli [ ~ ]# mkdir veba
    root@veba-cli [ ~ ]# cd veba/
    root@veba-cli [ ~/veba ]#

    ubuntu@veba-vm:~/veba$ docker login
    Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
    Username: teddysetiawan
    Password:
    WARNING! Your password will be stored unencrypted in /home/ubuntu/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store

    Login Succeeded

    ubuntu@veba-vm:~/veba$ docker pull vmware/powerclicore:latest
    latest: Pulling from vmware/powerclicore
    31111373f494: Pull complete
    5c9de3a881e6: Pull complete
    Digest: sha256:b98f21807df14f454fb12f36a4c5090d42180697a766784ed1255fe99bf06b74
    Status: Downloaded newer image for vmware/powerclicore:latest
    docker.io/vmware/powerclicore:latest

    ubuntu@veba-vm:~/veba$ docker logout
    Removing login credentials for https://index.docker.io/v1/
  2. Verify that we have the required image

    ubuntu@veba-vm:~/veba$ docker images|grep vmware/powerclicore
    vmware/powerclicore latest a0fceeaed43e 6 months ago 372MB
  3. Push this image to our private registry (Harbor)

    ubuntu@veba-vm:~/veba$ docker tag a0fceeaed43e 192.168.110.101:80/veba/senttotelegram
    root@veba-cli [ ~/veba ]# docker login 192.168.110.101:80
    Username: admin
    Password:
    WARNING! Your password will be stored unencrypted in /root/.docker/config.json.
    Configure a credential helper to remove this warning. See
    https://docs.docker.com/engine/reference/commandline/login/#credentials-store

    Login Succeeded

    root@veba-cli [ ~/veba ]# docker push 192.168.110.101:80/veba/senttotelegram
    The push refers to repository [192.168.110.101:80/veba/senttotelegram]
    549311dbc695: Pushed
    82a830fee32b: Pushed
    latest: digest: sha256:b98f21807df14f454fb12f36a4c5090d42180697a766784ed1255fe99bf06b74 size: 742
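
Because Harbor is reached over plain HTTP here, the manifest digest is the only integrity check available: the pull and push outputs above report the same `sha256:b98f…` value, and a `repo@sha256:…` reference makes the Docker client verify content on later pulls. The script below is an added example, not part of the original post; the function names are assumptions and the sample lines are copied from the output shown on this page.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are assumptions.

# Print the first sha256 manifest digest found in docker pull/push output (stdin).
digest_from_output() {
    sed -n 's/.*[Dd]igest: \(sha256:[0-9a-f]\{64\}\).*/\1/p' | head -n 1
}

# pinned_ref REPOSITORY DIGEST -> REPOSITORY@DIGEST (repository given without a tag)
pinned_ref() {
    if ! printf '%s\n' "$2" | grep -Eq '^sha256:[0-9a-f]{64}$'; then
        echo "not a sha256 digest: $2" >&2
        return 1
    fi
    printf '%s@%s\n' "$1" "$2"
}

# True only when both digests are present and identical.
same_image() { [ -n "$1" ] && [ "$1" = "$2" ]; }

# Sample lines taken from the docker pull and docker push output on this page.
PULL_OUT='Digest: sha256:b98f21807df14f454fb12f36a4c5090d42180697a766784ed1255fe99bf06b74'
PUSH_OUT='latest: digest: sha256:b98f21807df14f454fb12f36a4c5090d42180697a766784ed1255fe99bf06b74 size: 742'

pulled=$(printf '%s\n' "$PULL_OUT" | digest_from_output)
pushed=$(printf '%s\n' "$PUSH_OUT" | digest_from_output)

if same_image "$pulled" "$pushed"; then
    echo "match: $(pinned_ref 192.168.110.101:80/veba/senttotelegram "$pushed")"
else
    # A mismatch means the pushed manifest differs from the pulled one and
    # should be investigated before the image is used.
    echo "digest mismatch: pulled=$pulled pushed=$pushed" >&2
fi
```

In a live session, pipe the real command output into `digest_from_output`, for example `docker push 192.168.110.101:80/veba/senttotelegram | digest_from_output`.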

Get sample use case notification to telegram

  1. Download the lab files for VEBA: https://gitlab.com/tsetiawan/labfiles/-/raw/master/veba-powercli-senttotelegram.zip

  2. Install unzip

    tdnf install unzip
  3. Extract the sample files

    root@veba-cli [ ~/veba ]# unzip veba-powercli-senttotelegram.zip
  4. Modify the required properties. The function should use this secret file, but in this sample I overrode it in the script.

  5. Create the secret file in OpenFaaS on VEBA
    root@veba-cli [ ~/veba/veba-powercli-senttotelegram ]# faas-cli secret create vc-alarm-config --from-file=vc-alarm-config.json --tls-no-verify
    Creating secret: vc-alarm-config
    Created: 202 Accepted

If you need to modify the secret, edit the JSON file and then update the secret:

    root@veba-cli [ ~/veba/veba-powercli-senttotelegram ]# faas-cli secret update vc-alarm-config --from-file=vc-alarm-config.json --tls-no-verify
    Updating secret: vc-alarm-config
    Updated: 202 Accepted

  6. Modify several entries in the stack.yml file
  7. Use faas-cli up as a wizard to build the new image, push it to Harbor, then deploy it to VEBA
    root@veba-cli [ ~/veba/veba-powercli-senttotelegram ]# faas-cli up --tls-no-verify
    [0] > Building veba-senttotelegram.
    Clearing temporary build folder: ./build/veba-senttotelegram/
    Preparing: ./handler/ build/veba-senttotelegram/function
    Skipping "template" folder
    Building: 192.168.110.101:80/veba/senttotelegram with powercli template. Please wait..
    Sending build context to Docker daemon 8.704kB
    Step 1/13 : FROM vmware/powerclicore:latest
    ---> a0fceeaed43e
    Step 2/13 : RUN mkdir -p /home/app
    ---> Using cache
    ---> 92a329dedf5f
    Step 3/13 : USER root
    ---> Using cache
    ---> 37d7da3e50be
    Step 4/13 : RUN echo "Pulling watchdog binary from Github." && curl -sSL https://github.com/openfaas/faas/releases/download/0.9.14/fwatchdog > /usr/bin/fwatchdog && chmod +x /usr/bin/fwatchdog && cp /usr/bin/fwatchdog /root
    ---> Using cache
    ---> dc613b10b04a
    Step 5/13 : RUN pwsh -c "\$ProgressPreference = \"SilentlyContinue\"; "
    ---> Using cache
    ---> c323418f2dff
    Step 6/13 : WORKDIR /root
    ---> Using cache
    ---> 7407515c3746
    Step 7/13 : USER root
    ---> Using cache
    ---> 28027497bf4e
    Step 8/13 : SHELL [ "pwsh", "-command" ]
    ---> Using cache
    ---> cffcf3b8e4e8
    Step 9/13 : ENV fprocess="xargs pwsh ./function/script.ps1"
    ---> Using cache
    ---> 6ed3f891d594
    Step 10/13 : COPY function function
    ---> Using cache
    ---> 107773a433e3
    Step 11/13 : EXPOSE 8080
    ---> Using cache
    ---> 5f617ac9b823
    Step 12/13 : HEALTHCHECK --interval=3s CMD [ -e /tmp/.lock ] || exit 1
    ---> Using cache
    ---> e878efb51c36
    Step 13/13 : CMD [ "fwatchdog" ]
    ---> Using cache
    ---> b772ad803397
    Successfully built b772ad803397
    Successfully tagged 192.168.110.101:80/veba/senttotelegram:latest
    Image: 192.168.110.101:80/veba/senttotelegram built.
    [0] < Building veba-senttotelegram done in 0.38s.
    [0] Worker done.

    Total build time: 0.38s

    [0] > Pushing veba-senttotelegram [192.168.110.101:80/veba/senttotelegram].
    The push refers to repository [192.168.110.101:80/veba/senttotelegram]
    9c18a1a68fa4: Layer already exists
    03aaa0778336: Layer already exists
    f9482a7c3b17: Layer already exists
    67a6e2693d20: Layer already exists
    549311dbc695: Layer already exists
    82a830fee32b: Layer already exists
    latest: digest: sha256:98c2fff1141d3b7aa6e637c1622fa7933677f8313fceb5c977454e4bc2e73568 size: 1574
    [0] < Pushing veba-senttotelegram [192.168.110.101:80/veba/senttotelegram] done.
    [0] Worker done.

    Deploying: veba-senttotelegram.

    Deployed. 202 Accepted.
    URL: https://veba.corp.tanzu/function/veba-senttotelegram.openfaas-fn

Check the Logs

  1. For troubleshooting and to check the pod log, log in to VEBA using SSH
    root@veba [ ~ ]# pod=$(kubectl get pods -n openfaas-fn | grep -i Running | grep -i veba-senttotelegram | awk '{print $1}'); kubectl logs -n openfaas-fn "$pod" --follow

Check Telegram Notification

  1. Last, check the Telegram notification