Downloaded and installed the latest appliance. Successfully integrated with vCenter.
But, when I go to VMware event broker plugin in vCenter, I get a pink bar with a red exclamation.

The 2nd step in replacing the SSL Cert for knative is not working.
kubectl -n contour-external delete secret ${KNATIVE_CERT_NAME}
Error from server (NotFound) : secrets "eventrouter-tls" not found

Hi Gopi,

1) What error message do you see in vSphere UI? It's possible this is unrelated since the registration would either succeed or not succeed. In the case of not succeeding, there wouldn't be any messages in UI (since it was unsuccessful). Can you confirm that your vCenter Server can communicate over 443 to VEBA Appliance which is serving the plugin?

2) Did you enable debugging when you deployed (option at the very bottom of the OVA). You can look at /var/log/bootstrap-debug.log and see if there's any immediate errors, the setup script is design to stop upon first error

The VEBA team is also on VMware Code Slack Channel https://vmwarecode.slack.com/archives/CQLT9B5AA if you wish to join and we can debug

William,

No error message on vSphere UI than just an red exclamation mark (is there away I can upload a screenshot?). The registration is completed successfully. I can see it in the console as well as in /mob. vCenter and VEBA appliance are deployed in the same subnet and can reach between those two. All ports are open, no firewalls in place.

Enabled debug logging and no errors that I could find in the logs.

We use VMCA in hybrid mode in vCenter.

Thanks William for the follow-up.
Re-deploying with debug option enabled. Will keep you posted.

Make sure your vCenter Server can connect to VEBA appliance (443) as it is providing the UI and hence VC must be able to connect to provide the UI service

Confirmed 443 between the two appliances, vCenter (7.0u2) and VEBA

If you're still seeing the red error, can you please screenshot that?

Also, I was just talking to the UI developers, you can open up Chrome Developer (Firefox also has the same) and when you refresh, can you see what errors are shown in red or 404? This would be helpful for us to understand what's happening

Also, you can take a look (or share) /var/log/vmware/vsphere-ui/logs/vsphere_client_virgo.log which should also contain the errors that you're seeing from the vCenter Server side

I will try to setup one in my home lab over the weekend and see

Sent two screenshot to dl-veba@vmware.com

HI Gopi,

Not sure if our corp spam filters caught your mail, but we've not received an email? Would it be possible for you to join the Slack group and we can troubleshoot in real time

Good Morning William, Sorry for not replying, got busy at work.
Those mails were undelivered. Got the notification yesterday.
Looks like there may have some environmental issues with the VC/cluster I was deploying to. Now I deployed to another environment, no errors, but the VC integration is not working/no plug in displayed. I will get the logs uploaded.
Also, let me join slack.

A few things I've noticed where my results have varied and the information isn't posting to slack.

1. Inside of stack.yml I was receiving an error on the provider name faas, when I changed that to openfaas the build proceeded.

2. When I ran the deploy I received a "Deployed. 202 Accepted." message. The article said 200.

3. When I go into Openfaas the function has Invoke grayed out and the Status is set to Not ready. - Is that normal?

4. The webhook URL looks different than the example and the example ends with a / Mine looks like https://hooks.slack.com/services/TR7RS1W/BQZLL6M/4QN19g5fdsa

Thanks for reading, hopefully I can get this working because we really need a solution for auditing VM change events.

Just a question, which sites does the appliance try and reach?

Not sure I understand the question. Are you interested in the request flow or specific calls VEBA makes to the outside world?

Hi Michael,

Sorry I should have been more clear the requirement state it requires internet access and I wanted to know which sites it needed access to.

From going over the logs it seemed to be connecting back to https://cloud.weave.works/k8s/*
and doing git clones on
https://github.com/openfaas/faas-netes
https://github.com/projectcontour/contour.git

Yes, there are a number of Docker Containers that setups k8s and VEBA and those must be whitelist or accessible. For the complete list, see https://github.com/vmware-samples/vcenter-event-broker-appliance/blob/master/scripts/photon-containers.sh#L11-L32 which is code I've put in place to pre-fetch the containers so internet access (either direct or proxy) isn't required.

If you're interested, we've got a preview version at https://download3.vmware.com/software/vmw-tools/veba/vCenter_Event_Broker_Appliance_0.2.0.ova

If you deploy functions that haven't been cached or must go out to say Dockerhub, then you'll still need connectivity.

Hope this helps

having trouble with DNS resolution regardless of what i put into the vApp config at deployment. 'resolvectl status' shows the DNS server i entered but where is the search domain stored so i can verify that?
thanks

Check out:

root@veba [ ~ ]# cat /etc/systemd/network/99-dhcp-en.network
[Match]
Name=e*

[Network]
Address=192.168.30.170/24
Gateway=192.168.30.1
DNS=192.168.30.1
Domain=primp-industries.com

You can also check /var/log/bootstrap.log or if you've toggled debug /var/log/bootstrap-debug.log to see what's being passed in and where things are going

deployed the early build posted below by William and all is well.
thanks!