VMware Photon 4, k3s

If containers fail with the error "CreateContainerError":

yum install apparmor-parser apparmor-utils


k8s dashboard

kubectl create serviceaccount k8s-admin -n kube-system
kubectl create clusterrolebinding k8s-admin --clusterrole=cluster-admin --serviceaccount=kube-system:k8s-admin
kubectl -n kube-system create token k8s-admin


VMware Photon OS 4: DNS settings

sudo rm /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

systemctl restart systemd-networkd
systemctl restart systemd-resolved

VMware vCenter, set VMCA as Subordinate Certification Authority

1. SSH into vCenter appliance and run the following commands:

shell.set --enable True
chsh -s /bin/bash root
2. Generate the Certificate Signing Request (CSR)
  • run
  • Select Option 2.
  • Type Y when prompted to generate the certificates using a configuration file.
  • Press Enter if using administrator@vsphere.local is OK.
  • Input the administrator password when prompted.
  • Enter your country code, e.g. US.
  • For the Name value enter the FQDN of your VCSA
  • Input your Organization name
  • Input your OrgUnit 
  • Input your State
  • Input your Locality
  • Input the IP address of your VCSA
  • Input a contact email address
  • Input the FQDN of your VCSA for the hostname
  • Input the VMCA Name (i.e. FQDN of your VCSA)
  • Select option 1 to generate the CSRs
  • Enter the path of your choice (e.g. /tmp/) for the resulting CSRs
  • Leave the SSH session open

The Certificate manager created two files:


3. Open your favorite SCP tool (e.g. WinSCP, Royal TSX, etc.), navigate to /tmp/ and download vmca_issued_csr.csr.
4. Submit the certificate request to the Certification Authority.
5. Get the CA certificate chain as the file chain.cer.
6. Configuring the VMCA
  • Transfer chain.cer to the VMCA via SCP to /tmp/.
  • Switch back to your SSH session on the VMCA and press 1.
  • Enter /tmp/chain.cer for the Root certificate.
  • Enter /tmp/vmca_issued_key.key for the custom key.
  • Enter Y to replace all of the certificates.
  • Sit back and wait a few minutes for the change to complete.

How to Shrink a Thin Provisioned Virtual Disk (VMDK)

Virtual Machine Preparation (Windows)

Windows does not automatically zero deleted blocks. Microsoft provides a tool that can zero blocks while deleting a file, or zero out the entire free space. This is required to reclaim space from the virtual disk.

  1. Download SDelete (http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx)
  2. Run sdelete.exe -z [Drive]

Virtual Machine Preparation (Linux)

Linux does not zero deleted blocks either. There are various tools available to create zeroed blocks. The best known is dd, which should be available on all systems.

  1. Identify free space with df
  2. Fill the free space with dd
vma:/mnt/data # df -h
vma:/mnt/data # dd bs=1M count=8192 if=/dev/zero of=zero

This will zero 8GB of the available 8.2GB (1MB block size * 8192 = 8GB). Please note that your virtual disk file (VMDK) will grow to its full size during the process.

Shrink VMDK File

  1. Power off the Virtual Machine, or disconnect the virtual Disk you want to shrink
  2. Connect to the ESXi Host with SSH
  3. Navigate to the Virtual Machine Folder
  4. Verify disk usage with du
  5. Run vmkfstools -K [disk]
  6. Verify disk usage with du
root@esx3:/vmfs/volumes/ds1/vma $ du -h vma_1-flat.vmdk
7.9G vma_1-flat.vmdk

root@esx3:/vmfs/volumes/ds1/vma $ vmkfstools -K vma_1.vmdk
vmfsDisk: 1, rdmDisk: 0, blockSize: 1048576
Hole Punching: 25% done.

root@esx3:/vmfs/volumes/ds1/vma $ du -h vma_1-flat.vmdk
1.9G vma_1-flat.vmdk

VMware vCenter 6.x, adding a host, error "Signed certificate could not be retrieved due to a start time error"

When you replace the VMware Certificate Authority root certificate with an enterprise subordinate certificate, you experience these symptoms:

  • The certificate has been valid for less than 24 hours
  • You are unable to join a VMware vSphere ESXi host to VMware vCenter Server
  • You see the error:

    A general system error occurred: Unable to get signed certificate for host: esxi_hostname. Error: Start Time Error (70034)

This behavior is changed in VMware vCenter 6.0 Update 2 and later, available at VMware Downloads, with the advanced setting vpxd.certmgmt.certs.minutesBefore. For more information, see the VMware vCenter Server 6.0 Update 2 release notes.

To change vpxd.certmgmt.certs.minutesBefore to 10:
  1. Connect to the vCenter Server using the vSphere Client and administrator credentials.
  2. Select Administration > vCenter Server Settings to display the vCenter Server Settings dialog box.
  3. In the settings list, select Advanced Settings.
  4. In the Key field, type a key.
  5. In the Key field, enter this key: vpxd.certmgmt.certs.minutesBefore
  6. In the Value field, enter: 10
  7. Click Add.
  8. Click OK.
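
The checks below connect the VMCA subordinate CA procedure earlier on this page with the 24-hour symptom described here. This is an added example, not VMware tooling or code from the original page: it inspects chain.cer and the VMCA key with openssl before they are imported. It assumes PEM files, the VMCA's own certificate as the first block in chain.cer, and GNU date; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not VMware tooling): pre-import checks for a VMCA subordinate CA.
# Assumptions: PEM input, the VMCA certificate is the first block in the chain
# file, GNU date is available. Function names are hypothetical.

# Succeeds if the first certificate in the file is marked CA:TRUE.
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeeds if the private key ($2) belongs to the first certificate in $1.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Prints whole hours between notBefore and "now" ($2, epoch seconds;
# defaults to the current time).
cert_age_hours() {
    start=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    [ -n "$start" ] || return 1
    start_epoch=$(date -u -d "$start" +%s) || return 1
    now_epoch=${2:-$(date -u +%s)}
    echo $(( (now_epoch - start_epoch) / 3600 ))
}

# Returns 0 if all checks pass, 1 on a hard failure, 2 if the only finding
# is a certificate that has been valid for less than 24 hours.
precheck_vmca_chain() {
    chain=$1; key=$2; rc=0
    is_ca_cert "$chain" || { echo "FAIL: first certificate lacks CA:TRUE"; rc=1; }
    key_matches_cert "$chain" "$key" ||
        { echo "FAIL: key does not match first certificate"; rc=1; }
    age=$(cert_age_hours "$chain" "${3:-}") ||
        { echo "FAIL: cannot read notBefore"; return 1; }
    if [ "$age" -lt 24 ]; then
        echo "WARN: valid for ${age}h (<24h), expect Start Time Error (70034)"
        [ "$rc" -ne 0 ] || rc=2
    fi
    [ "$rc" -ne 0 ] || echo "OK: chain.cer and key pass the pre-checks"
    return "$rc"
}

# Usage on the appliance, with the paths from the procedure:
#   precheck_vmca_chain /tmp/chain.cer /tmp/vmca_issued_key.key
```

A return code of 2 means the import itself should work, but adding ESXi hosts may fail until the certificate is 24 hours old or vpxd.certmgmt.certs.minutesBefore is set as described above.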


Transferring an ESXi configuration between different instances

Server A is the original ESXi installation, Server B is the new ESXi installation. Both instances must be the same version and build.

1. Enable SSH access on both servers.

2. Save the configuration on Server A

vim-cmd hostsvc/firmware/sync_config
if the boot media (USB flash drive) is faulty, an error is returned
vim-cmd hostsvc/firmware/backup_config
a download link for the saved configuration is returned, of the form

3. Save the current configuration on Server B.

4. Put Server B into maintenance mode

vim-cmd hostsvc/maintenance_mode_enter

5. Copy the original configuration to Server B and place the file at /tmp/configBundle.tgz. WinSCP can be used for copying.

6. Extract the contents of the archive

cd /tmp/
tar zxvf configBundle.tgz

7. In the file Manifest.txt, replace the UUID value with the identifier from the Manifest.txt file in Server A's configuration. The file can be edited with WinSCP or with the vi editor.

8. Delete the file /tmp/configBundle.tgz

rm ./configBundle.tgz

9. Build the new configuration file

tar zcvf configBundle.tgz Manifest.txt state.tgz

10. Restore the configuration

vim-cmd hostsvc/firmware/restore_config /tmp/configBundle.tgz

After the configuration is applied, the server reboots automatically.

VMware View, connecting Access Point

1. Error "Failed to connect to the Connection Server", code 404 when accessing broker/xml.

Add exceptions to the file install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties:




2. Error "couldn't resolve proxy name"

Disable the secure tunnel for View Connection Server. In View Administrator, go to the Edit View Connection Server Settings dialog box and deselect the check box called "Use secure tunnel connection to machine". By default, the secure tunnel is enabled on the Access Point appliance.

Disable the PCoIP secure gateway for View Connection Server. In View Administrator, go to the Edit View Connection Server Settings dialog box and deselect the check box called "Use PCoIP Secure Gateway for PCoIP connections to machine". By default, the PCoIP secure gateway is enabled on the Access Point appliance.

Disable the Blast secure gateway for View Connection Server. In View Administrator, go to the Edit View Connection Server Settings dialog box and deselect the check box called "Use Blast Secure Gateway for HTML Access to machine". By default, the Blast secure gateway is enabled on the Access Point appliance.

