cloudmaniac.net

Create Complex Search Queries using the NSX-T Search API

Thu, 25 Mar 2021 16:00:00 +0100

The NSX-T search function is compelling: you can search for objects using various criteria throughout the NSX-T inventory. You can not only just type something to query (a name, a UUID, etc.) and you will get all relevant results, but also create queries using a search pattern.

The search results are sorted by relevance, and you can filter these results based on your search query. The search function helps with auto-completion and suggestions: in the example above, it provides me a list of tags from which I can choose.

Another example below: I want to list all Tier-1 gateways with the word terraform in the description.

Now, that’s in the UI: it’s great, but what if you need to get some information hidden in the UI on objects that could only be found using a search query? I had recently to look for specific NSX-T objects ID (for a PowerShell function) and I was struggling on how to construct my query.

Fortunately, Thomas Vigneron (NSBU PM) had the answer! While the search feature was always available in the UI, NSX-T 3.0 added the search API GET /policy/api/v1/search/query which allows to do a full-text search API request.

To get the same result as my first example above, I use the following request: GET /policy/api/v1/search?query=resource_type:(PolicyNatRule) AND (tags.tag:"urn:vcloud:org:63035a23-560f-484b-90fc-c691778b6d10").

The search API supports a wide list of resource types you can search on, as well as wildcards and boolean operators (AND, OR, NOT).

Check for the complete description and documentation in the NSX-T Data Center Rest API Guide.

Rehearse Your Presentations with Presenter Coach in PowerPoint

Fri, 19 Mar 2021 15:00:00 +0100

When it comes to presenting to an audience (either in person or remotely), there are 3 categories of people:

People who naturally excel in this exercise
People who need to train
People who don’t care about how they deliver the information

I belong to the second category, and as such, I had to improve my soft skills. Nonetheless, training happens at a given time, and it’s easy to not apply everything you learned after a few years. Also, the feedback you can get from yourself is biased (oh really, thank you Captain Obvious).

Earlier this week, I was surprised to discover this article from Microsoft: Improve your presenting skills with additional platforms and new features for PowerPoint Presenter Coach. Apparently, Presenter Coach has been available on the web version of PowerPoint for a while now, but this was the first time I heard about it.

Presenter Coach evaluates your pacing, pitch, your use of filler words, informal speech, euphemisms, and culturally sensitive terms, and it detects when you’re being overly wordy or are simply reading the text on a slide.

In a nutshell, Presenter Coach leverages AI (Artificial Intelligence) to help anyone who wants to practice a speech/presentation.

The feature is not yet available for PowerPoint on macOS (although it should come soon), so I tested it in the web version. On the Slide Show tab, select Rehearse with Coach (see screenshot below); the presentation opens in a full-screen view (similar to Slide Show). Hit Get Started at the lower right to begin rehearsing.

As you speak, Coach gives on-screen guidance (in the lower-right corner of the window) about pacing, inclusive language, use of profanity, filler words, and whether you’re reading the slide text. After each rehearsal, you get a report that includes statistics and suggestions for improvements.

The report includes generic data such as a summary (time spent and number of slides), but also recommendations in a variety of topics:

Pace
Fillers words usage
Sensitive phrases
Speech refinements
Voice pitch
Body language
Repetitive language
Originality (detects if you are reading your slides)

Resources

Rehearse your slide show with Presenter Coach

2021: Heads or Tails?

Thu, 31 Dec 2020 11:00:00 +0100

There are only a few hours left in 2020, what can we say…what a year! 😶 The house is quiet today (children are with their grandparents), so I’m taking a moment to write here.

It is the case to say that 2020 did not go quite as planned, but I’m grateful my family and relatives were not more impacted. At the same time, I’m also sad for the people who lost someone (almost 2 million deads to this date), especially as it may have been related to others that didn’t respect restrictions and masks.

I’m also shocked that so many people prefers to believe in various conspiracies rather than trusting science.

Enough of 2020, welcome 2021! I won’t make any predictions, nor any resolutions this time. I will only:

do my best to spend more quality family time
continue to enjoy my current role
do my best to be a good human/person

Thanks for your continued interest, and Happy New Year!

Stay safe, be kind!

NSX-T Reference Design Guide - Updated Version for NSX-T 3.0

Mon, 21 Dec 2020 15:00:00 +0100

Christmas came early this year! An updated version of the NSX-T Reference Design Guide was published last Friday! 🙌

The NSX-T Reference Design Guide provides guidance and best practices for designing environments that leverage the capabilities of VMware NSX-T. It is targeted at virtualization and network architects interested in deploying NSX Data Center solutions.

What’s New?

This 3rd iteration includes:

Design changes that goes with VDS with NSX
VSAN baseline recommendation for management and edge components
VRF based routing and other enhancements
Updated security functionality
Performance updates
…and much more!

This document is organized into several chapters. Chapter 2 to 6 explain the architectural building blocks of NSX-T as a full-stack solution, providing a detailed functioning of NSX-T components, features and scope. They also describe the components and functionality utilized for security use cases. These chapters lay the groundwork to help understand and implement the design guidance described in the design chapter.

The design chapter (Chapter 7) examines detailed use cases of network virtualization and recommendations of either best practices or leading practices based on the type of use case or design form factor. It offers guidance for a variety of factors including physical infrastructure considerations, compute node requirements, and variably sized environments from small to enterprise scale.

Note: The NSX-T Reference Design Guide does not cover installation, and operational monitoring and troubleshooting. For further details, review the NSX-T installation and administration guides.

Besides this updated Reference Design Guide for NSX-T, several other NSX-T reference guides have been published or updated recently, for a total number of 714 pages.

Happy Reading!

3 Platforms where to Find Free Stock Images

Wed, 11 Nov 2020 17:00:00 +0100

We’ve all heard the old adage: a picture is worth a thousand words. But have you ever wondered why? Visualization works from a human perspective because we respond to and process visual data better than any other type of data. In fact, the human brain processes images 60,000 times faster than text, and 90 percent of information transmitted to the brain is visual.

That’s why illustrating content is vital for grabbing attention and getting your message across. But sometimes, a diagram is not always sufficient to convey an idea or to transmit an emotion.

Where to find those images if you don’t have enough visual materials? Of course, platforms such as iStock (by Getty Images) and Shutterstock exist, but their content is not free.

Luckily, there are alternatives. I’ve compiled a shortlist of the 3 sites with free stock photos I’m using to illustrate my content.

Unsplash

Unsplah is my default goto platform to find free stock images to illustrate my content. It’s hard to explain why: maybe it’s because images look more natural than traditional stock images (they don’t look false)? Because they are shot and shared by photographers that know how to craft photos to create emotion?

The photos on Unsplash are free to use and can be used for most commercial, personal projects, and for editorial use. You do not need to ask permission from or provide credit to the photographer or Unsplash, although it is appreciated when possible.

More info: Unsplash License.

Pixabay

With almost 2 millions images available, Pixabay is definitively one of the major players in that area. Another big advantage of Pixabay is that they also offer free vectors and illustrations.

All contents are released under the Pixabay License, which makes them safe to use without asking for permission or giving credit to the artist - even for commercial purposes.

Learn more on Pixabay.

Pexels

Pexels is another great collection of free stock photos: they even provide free stock videos!

All photos and videos on Pexels can be downloaded and used for free. You can have a look to the license to understand what is allowed or not.

My Own Photos

Finally, I also sometimes use some of my pictures, taken over the past 10 years. Unfortunately, I don’t shoot as often as I would like…If you’re interested, you can have a look at my portfolio on 500px.com/romain.

Fix "Too many authentication failures" SSH error

Thu, 05 Nov 2020 16:00:00 +0100

I finally took the time to troubleshoot an issue that had been bothering me for some time. I have been experiencing more and more a Too many authentication failures error while connecting to remote systems using SSH.

Received disconnect from a.b.c.d port 22:2: Too many authentication failures

I noticed this was especially happening on Photon OS appliances (almost all VMware appliances now).

Troubleshoot the Too many authentication failures error

TL;DR: this error is often caused by inadvertently offering too many SSH keys to the server (compared to the MaxAuthTries parameter). The server will reject any key after too many keys have been offered.

How to troubleshoot the SSH client? Easy, just RTFM! 😅

-v      Verbose mode. Causes ssh to print debugging messages about its progress.
        This is helpful in debugging connection, authentication, and configuration problems.
        Multiple -v options increase the verbosity.  The maximum is 3.

So, running the SSH client -v switch allows you to run the SSH connection in verbose mode, which prints useful debugging information. There are different verbosity levels; using multiple -v flags increases the verbosity (maximum verbosity level is 3).

SSH uses public-key cryptography to authenticate the remote computer and allow it to authenticate the user, if necessary. There are several ways to use SSH; one is to use automatically generated public-private key pairs to simply encrypt a network connection, and then use password authentication to log on. Another is to use a manually generated public-private key pair to perform the authentication, allowing users or programs to log in without having to specify a password.

Let’s analyze the portion of the output that interests us.

debug1: Offering public key: /Users/rdecker/.ssh/id_rsa RSA SHA256:<redacted>
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /Users/rdecker/.ssh/id_dsa
debug3: no such identity: /Users/rdecker/.ssh/id_dsa: No such file or directory
debug1: Trying private key: /Users/rdecker/.ssh/id_ecdsa
debug3: no such identity: /Users/rdecker/.ssh/id_ecdsa: No such file or directory
debug1: Offering public key: /Users/rdecker/.ssh/id_ed25519 ED25519 SHA256:<redacted>
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 1
Received disconnect from 10.67.29.112 port 22:2: Too many authentication failures

You can notice that 2 keys are offered for the authentication (id_rsa and the id_ed25519) before the password. I indeed recently decided to switch to an Ed25519 key (based on Elliptic Curve Digital Signature Algorithm - ECDSA) instead of a typical RSA key. However, I did not delete my RSA key from my ~/.ssh/ folder. 😬

Note: If you’re interested in knowing more about Ed25519, the Ed25519 for SSH article is very complete.

Why does this happen more often on Photon OS and not on my regular Ubuntu or CentOS templates? The answer is quite simple: the SSH daemon is enforced to only accept 2 authentication tries in Photon OS.

MaxAuthTries specifies the maximum number of authentication attempts permitted per connection. Each key tried by the SSH client counts as one authentication attempt. Once the number of failures reaches half this value, additional failures are logged. Setting the MaxAuthTries parameter to a low number will minimize the risk of successful brute force attacks. While the default is 6, Photon OS is configured to accept only 2.

Fix the Too many authentication failures error

In my situation, the fix was easy: I’m not using my RSA key anymore, so I deleted it. 😎

Alternate solutions:

Increase the MaxAuthTries on the server (definitively an option, but I don’t recommend it)
Edit the ~/.ssh/config (on the client) and add IdentitiesOnly blocks so that a connection to a specific host only tries the associated key
Force non-key authentication, e.g.: ssh -o PubkeyAuthentication=no romain@hostname.com

Moral of the story

I was happy to finally identify and fix this recurring issue. It wasn’t very complex to troubleshoot and fix it; don’t wait too long before solving your issues, it’s sometimes only a matter of minutes!

[Tooling] Disk Usage with Duf

Thu, 08 Oct 2020 16:00:00 +0100

One of the first Linux/UNIX command-line I learned 20 years ago was du: du stands for disk usage, and is widely used to estimate file space usage (either for a complete system, for a partition, for a folder or for individual files).

Duf is another CLI tool to display disk usage details, but that time with a user-friendly layout (in a table format) that automatically adjusts to your terminal’s width.

As you can see in the output above, this command line lists the following details:

mounted devices (and associated mount point)
total size, used and free disk soace for each partitions
filesystem type and name

Developed in Go, duf is available available for Linux, macOS and Windows and has some nice embedded features:

sort the results according to your needs (by mountpoint, size, used space, inodes, etc.)
groups & filters devices
show/hide specific information or columns
output the disk space in JSON format

You can also list inode information instead of block usage with duf --inodes.

Do Not Run a Container with the :latest Tag

Fri, 26 Jun 2020 15:00:00 +0100

Never ever use the latest tag when building Docker images…been there, done that, it was not pretty! 😅

If you remember (if you don’t, check here), I’m using Github Actions as a pipeline to publish my blog post.

[…] I commit my new content (or my changes) to a private GitHub repository. The commit will trigger a GitHub Actions workflow that will create a container, install Hugo with a specific version, clone my repository, build the content using the hugo CLI, sync the generated HTML / CSS / images to AWS S3 and invalidate my CloudFront distribution.

After writing my Full 0.12 Syntax Support with the new Terraform Visual Studio Code Extension post, I pushed the new content to my Github repository, and I left my desk. When I checked later, I noticed that the article was not online (usually it takes a few minutes). It didn’t take me long to discover that my workflow in Github Actions was failed.

As you can see in the screenshot above, I had a Python dependency error (Python is required for AWS CLI in my publication workflow).

RUN apk -v --update add python
ERROR: unsatisfiable constraints:
  python (missing):
    required by: world[python]

I’m using Alpine as the base image for the container that handles the publication process. But, Alpine recently stopped providing the python package (more precisely in 3.12). In a Dockerfile, the FROM instruction specifies the parent image from which you are building. Mine was FROM alpine:latest…which means that it picked the latest Alpine image where Python was missing.

To fix it, I corrected the FROM alpine:latest intruction to FROM alpine:3.11.6.

Obviously, I could change to python2 or python3, but that’s not the goal of this blog post today. 😉

In closing, if you use latest, you always depend on the people that maintain the images.

Note: I’m talking about Docker images here, but it’s true for any component/system that have use such tags.

Domain-specific DNS Client Configuration on macOS

Tue, 16 Jun 2020 16:00:00 +0100

Sometimes it’s good to have separate DNS servers for different domains. One of my colleagues asked me this morning how to avoid filling up his /etc/hosts file to access a new environment I’m building for him.

Take the example of a lab: it is common amongst IT professionals to have a homelab or a corporate lab to test new software, gain new skills, or troubleshoot a problem. It is also quite common to use a VPN to connect to your lab or the corporate network.

Most of the time, different environments may need different DNS servers than those inherited by DHCP from your home or corporate network; I’m sure you can see where this is headed. 😬

I’ll take my lab as an example:

I connect to my lab using a VPN.
The DNS servers configured in macOS are the ones assigned from my home (or corp.) network.
My lab has two Active Directory servers, which also act as DNS servers for the lab components.
The domain used is sddc.lab.

How can I make sure to use my lab DNS servers for this particular sddc.lab domain?

As I’m using macOS, there is an easy way to solve that challenge: macOS uses a DNS search strategy that supports multiple DNS client configurations. To use that capability, I only need to create a sddc.lab file in the /private/etc/resolver/ folder with the nameservers to use for that particular domain and I’m all set! 🙌

From this moment on, all DNS requests for the sddc.lab (and subdomains) will go directly to the specified nameservers while all other requests will go the default nameservers configured in /etc/resolv.conf.

My /private/etc/resolver/sddc.lab only contains the 2 nameservers to use for that particular domain. Other configuration options are available, please check the resolver(5) man page for more information.

nameserver a.b.c.d
nameserver a.b.c.e

I end up having a default DNS configuration, which is configured and maintained by DHCP when I connect to my network or to the corporate one, as well as a domain-specific DNS client configuration, which is really helpful to solve my lab FQDNs.

Full 0.12 Syntax Support with the new Terraform Visual Studio Code Extension

Thu, 11 Jun 2020 16:00:00 +0100

I used many text editors during my career: Notepad++, Sublime Text, Atom, and finally Visual Studio Code which has remained my preferred code editor since 2016.

As I was using Terraform quite a lot in the past year, I naturally installed the Terraform Visual Studio Code Extension. I was satisfied until I switched to Terraform 0.12: after that, I started to get warnings/errors, although my syntax was OK.

For example (see screenshot below): Data source terraform_remote_state does not exist.

There was nothing really blocking as my code was still working, but I had a lot of red warnings, which was not visually pleasing. This was a known bug, and some workarounds existed, but I was impatient for it to be resolved.

That’s why I was thrilled when HashiCorp announced one month ago that they took over the support of the Visual Studio Code extension for Terraform.

I updated the Terraform extension to the latest version today, and TADAAA! No more errors! 🙌

I was not able to fully test the new version of the extension, but it looks very promising:

New Language Server package from HashiCorp
Syntax highlighting up to date with all HCL2 features (as needed for Terraform 0.12 and above)

Keep up the good work guys! \o/

Resources: