ESXi on ARM rPI4 failed to add to vCenter

I tried to add my freshly installed rPI 4 running ESXi on ARM to my HomeLab vCenter. It failed with “A general system error occurred: Unable to push signed certificate to host 192.168.0.99”.

The root cause is that the rPI has no battery-backed RTC, so the time is out of sync and all certificates are treated as invalid.

Quick fix:

Configure NTP in ESXi

Login to the Host client

Go to Manage, System Tab, Time & date:

Edit NTP settings

change it to:

and click Save

Now click on the Services tab and start the NTPD service:

Select the NTPD service and click on start.

Now verify on the System tab that the time is in sync. If this is not the case, restart NTPD again from the Services tab, which will force the time sync.

Afterwards you can add the ESXi running on a rPI4 to your vCenter.

Skyline required permissions have changed

I just noticed that the required permissions of the Skyline user for vCenters have changed based on KB 59661.

Old permissions:

vCenter Server Read-Only Role.

Global.Diagnostics

Global.Health

Global.Licenses

Global.Settings

New permissions:

vCenter Server Read-Only Role.

Global.Diagnostics

Global.Health

Global.Licenses

Global.Settings

Host profile.View…

Build Photon OS appliance using packer.io

I found a great article from William Lam about how to build a Photon OS virtual appliance which includes OVF settings for configuration. During my initial tests I faced some issues, like the virtual machine network not connecting properly, among others. First I changed the existing scripts to work with the vmware-iso builder, which was working in the end, but the performance was pretty bad. So I decided to convert the existing template from vmware-iso to vsphere-iso.

The base code is really good and most of it can be re-used. My changes can be found in my fork of his repo.

https://github.com/mdhemmi/photonos-appliance

And here is a video of a build run.

Source:

https://www.virtuallyghetto.com/2019/11/packer-reference-for-building-photonos-virtual-appliance-using-ovf-properties.html

Quick tip: How to query the CPU microcode revision on an ESXi host

SSH to the ESXi host and execute the following command:


vsish -e cat /hardware/cpu/cpuList/0 | grep -i -E 'family|model|stepping|microcode|revision'

Output:


[root@esxi:~] vsish -e cat /hardware/cpu/cpuList/0 | grep -i -E 'family|model|stepping|microcode|revision'
Family:6
Model:60
Stepping:3
Number of microcode updates:1
Original Revision:0x0000001c
Current Revision:0x00000027
[root@esxi:~]

VMware Skyline: Hostname verification

If your company does SSL inspection, you can run into issues when using Skyline, because the collector does hostname verification. This ensures the collector is connecting to the appropriate server by checking the certificate’s “dnsName” or “subjectAltName” fields against the host in the URL of the connection.

As SSL inspection can be required by your IT Security, the newest version of the Skyline collector contains the option to disable hostname verification, so that connections through SSL inspection, which provides non-valid certificates, will work.
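
The hostname check described above, as an added example that is not the Skyline collector's own code: it compares the host from the connection URL with the dNSName entries in a certificate's subjectAltName. The hostnames, certificate contents and function names are assumptions constructed for illustration; the certificate dicts follow the shape returned by Python's ssl.SSLSocket.getpeercert().

```python
# Added example: hostname verification against subjectAltName dNSName entries.
# All hostnames and certificates below are constructed sample data.

def dns_names(cert):
    """Return the lower-cased dNSName entries of the certificate's subjectAltName."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def label_match(pattern, host):
    """Compare one SAN entry with a hostname, label by label.

    A '*' is accepted only as the complete left-most label, covers exactly
    one label, and must be followed by at least two fixed labels.
    """
    p_labels = pattern.rstrip(".").split(".")
    h_labels = host.rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels

def verify_hostname(cert, url_host):
    """True if the host taken from the URL matches any dNSName in the certificate."""
    host = url_host.lower()
    return any(label_match(name, host) for name in dns_names(cert))

# Constructed endpoint name (placeholder, not a real Skyline URL).
URL_HOST = "upstream.example.com"

# Constructed certificate as the real server would present it.
GENUINE_CERT = {"subjectAltName": (("DNS", "upstream.example.com"),)}

# Constructed certificate from an inspection device that presents its own
# name instead of the upstream name (the case where the check fails).
INSPECTION_CERT = {"subjectAltName": (("DNS", "inspect.corp.example"),)}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("inspection", INSPECTION_CERT)):
        result = "match" if verify_hostname(cert, URL_HOST) else "MISMATCH"
        print(f"{label:10s} {dns_names(cert)} vs {URL_HOST}: {result}")
```

With hostname verification disabled, the second case is accepted as well, so the collector no longer confirms which server it is talking to.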