vCenter Event Broker Appliance – Part V – Contributing to the VEBA Project

In Part IV of this series, we successfully deployed our sample function, it fired when a VM powered up and correctly tagged the VM.

In this post, we will explore contributing to the vCenter Event Broker Appliance Open Source project. Open Source is obviously reliant on contributions from the community. One way to contribute is using your skills as a developer. But if you’re not a developer, you can still contribute in the form of documentation. When I started working with VEBA, I knew nothing about git. You can do some extremely complex things with Git – but the basics of making a change to a file and submitting it back for inclusion into this project are easy to learn.

Note: this post assumes you’ve already installed Git. Take a look at Part II if you don’t have Git installed.

For further learning outside of this blog post, I strongly recommend Commitmas, a great vBrownBag series on how to use git. Thank you to Kyle Ruddy for the suggestion.

The first thing you need is a Github account. Once you’ve signed up and verified your account, open up your Git Bash and use the git config –global command to set the and variables to match your name and verified e-mail address from Github. You will need this to match in order to sign your code when you commit it.

There are a few basic git operations that you need to understand:

  • clone – Creates a copy of the specified repository and saves it on your local workstation
  • commit – Git tracks your code changes. When you issue a commit, you’re telling git that you’re done making changes to files and want to save them into the local repository. Commit packages up all of your changes.
  • diff – Show the differences between files you’ve updated vs files currently in the repository
  • push – Takes code that you’ve committed locally and pushes it into a remote repository
  • fork – A way to copy an existing repository into your own Github account. This is how you can work on Open Source projects when you don’t have direct push permissions.
  • pull – You open up a pull request (PR) to ask the owner of a repository to merge the changes in your forked repository into their repository.

As I was going through the documentation, I read a file named An .md file is a markdown file, you will find most documentation in Github written in this format.

A few of the parts of this getting started file were incorrect. When I tried to use the referenced stack.yml file, I received an error saying that the provider name was invalid, and instead should be ‘openfaas’. I changed “name: faas” to “name: openfaas” and it worked.

I then found a typo of “read_debuge” instead of “read_debug”.

Finally, there was a mistake in the faas-cli commands at the bottom of this screenshot. The second command says to use “faas” when it should have read “faas-cli”.

I wanted to fix these and save them back to the main VEBA repository so others could benefit from my updates.

Because I don’t have rights to directly modify code in the VEBA repository, I need to fork the project. You can see the Fork button on the top righthand corner.

After clicking on the fork button, I end up with a copy of the code in my own personal account – Github tells you on the top lefthand corner that this is the vcenter-event-broker-appliance repository under my account, kremerpatrick, but it’s forked from the vmware-samples account

Now that I have a repository in my own personal account, I’m going to clone it to my local workstation

Note in this clone command I call my local folder “vcenter-event-broker-appliance4” because I have many different copies of the VEBA project as I played around with git.

I edit the file and make the 3 fixes – provider name, read_debug, and faas-cli. I save the file

Now I issue a git diff command. This shows me the differences between the files I edited and the code in my local repository. You can see all 3 of my changes, removed code is in red, and added code is in green.

Everything looks good in the diff. Time to commit the code. I issue the command
git commit -a -s

-a stands for “all”, meaning we want to commit all changed files. I only changed one in this case, but if you changed multiple files, the -a switch is one way to commit all of them.

-s means that I’m signing the file with the and variables that we populated above.

When I issue the command, git pops open my text editor of choice. I need to write a comment documenting my changes. I write it, save it, then close the text editor.

The commit is now complete. As expected, 1 file changed, and 3 lines of code changed in that file.

Now the code is committed locally, and I need to push the code up to my personal Github repository

I go back to Github and find my repository

I click on my repository and Github reports that my branch is 1 commit ahead of the base repository. This is expected as I performed 1 commit.

Now I need to ask the maintainers of the VEBA repository to merge my change into their repository. This is called a pull request (PR). I click on the “New pull request” button in my repository.

Because my repository is forked from the base VMware repository, git knows what to compare my commit against. It shows me a diff, and that diff matches the diff that I ran myself in git – all 3 of my changes are there. Everything looks OK so I click “Create pull request”.

This is the last step to filing a PR – I write a summary and explanation of my fixes. In my case, I had already fixed these errors elsewhere in the code, but I missed  I fill out the fields and click Create pull request.

My changes are now ready to merge. The repository owners are now notified that there is a new PR to approve. They can respond to me with requests for changes, or they can commit my change.

All done! We have now made changes to an open source repository – everybody who clones this repository after the PR is merged will be able to take advantage of the changes I sent over.

In Part VI of this series, we will look at how to sync our fork back to the upstream repository.

vCenter Event Broker Appliance – Part III – Tags and Clones

In Part I of this series, we explored how to deploy the VEBA appliance. In Part II, we looked at setting up a Windows workstation with the prereqs for interacting with VEBA. Part III focuses on working with vCenter tags and cloning a repository. The sample function will cause a vCenter tag to be applied to a VM when the VM powers on. At the end of Part III, you should have a vCenter tag defined, the tag’s URN, and a copy of the sample code from Github.

If you don’t want to learn about govmomi, you do not need to learn it for the code sample to work. You can create a tag named anything you like in the vCenter GUI. You can then use the get-tag PowerCLI cmdlet to retrieve the needed tag URN for the function.

In the getting started documentation, the Categories and tags section tells us to set 2 environment variables:

export GOVC_INSECURE=true
export GOVC_URL=’https://vcuser:vcpassword@vcenter.ip’

I set them to match my environment

govc will list out all of the tags defined in your vCenter. If you have a brand new lab vCenter, this command will return nothing – but it should also not error out. For my lab, it shows the only tag that I have defined: alert-power-operations

I confirm the command was accurate by looking at the Tags & Custom Attributes area of vCenter

A few things about govc – you can invoke help to list all available operations – this is just one page of results

You can also show help on a specific command.

Note that this help dynamically reads environment variables – my lab’s vCenter is showing up as GOVC_URL in this help output.

The VEBA documentation says to take note of the tag’s URN when you create it with govc. We can use the command to get the URN of an existing tag without having to create it using govc.

You can retrieve the same information from PowerCLI if you’re more familiar with it – you don’t even need to use govc

Next, we need to clone the sample repository. There will be more on git later in this series, but for now you just need to be able to clone a repository and use a text editor.

I create an empty git folder, right-click inside of the folder and choose Git Bash here. 

The documentation says to run the following commands:

git clone
cd vcenter-event-broker-appliance/examples/python/tagging

Git clone creates a copy of the VEBA sample code repository on your local system. Note that I passed a folder argument in the git clone command. By default, git would have created a folder called vcenter-event-broker-appliance and cloned the code inside of it. But I already have 2 copies of the repository for various testing reasons. I pass the clone command a folder argument of vcenter-event-broker-appliance3. Git clones the code for me and I CD to the new directory

The code is now downloaded to my laptop. In Part IV, we will customize the code for my lab environment and deploy the sample function to the VEBA appliance

vCenter Event Broker Appliance – Part II – Sample Code Prereqs

In Part I of this series, we explored how to deploy the VEBA appliance. In Part II, we look at setting up a Windows workstation with the prereqs for interacting with VEBA. As of the 0.3 release of VEBA, we support 2 different event processors – OpenFaaS is built right into the appliance, and we also support AWS EventBridge as an external processor. The content in this post doesn’t apply if you’re using AWS EventBridge – you set it up, VEBA forwards events to EventBridge, and you write code in native AWS to respond to events.

We begin with the Function Deployment section of the Getting Started Guide shown on the VEBA Fling instructions page. The guide lists 3 prereqs to getting started: git, faas-cli, and govc. Going into this I have no idea what any of that means. I know what git is, meaning I know the definition of source control and that git is one of many choices for source control. But I’ve never used it, and don’t know anything about faas-cli or govc

I start with the git download page. As I go through this, I seem to find myself at a disadvantage trying to do code on Windows – everything seems to be focused around Mac and Linux. But I successfully installed the Windows binary on my laptop.

I leave the defaults here

I know the basics of getting around vi, but spend a lot more time in Notepad++, so I switch to it here.

This seems to be an OK option – I’m not sure what people typically use. Through the sample code deployment I was only calling git from the Git Bash anyway, so I guess it doesn’t make a difference.

I don’t think I have a need to use Windows CAs so I kept OpenSSL.

I leave this default since it was the recommended Windows setting

I don’t like the Windows default console windows, I figured MinTTY couldn’t be any worse – I select it.

I leave all these default.

The next preqeq is faas-cli. I have no idea what this is, so I click on the link and read about it. faas-cli is a command line interface for OpenFaaS – a serverless functions framework for Docker and Kubernetes. OpenFaaS is built into the VEBA appliance – it is how you publish your custom code to run when an event happens.

For Windows, all I did is go to the releases page and download faas-cli.exe.

I decide to create a specific folder for any executables related to this project, so I created a folder and added that folder to my PATH variable. This way I can invoke the executable no matter where I am in the filesystem.

The final prereq is something called govc, part of govmomi. govmomi is a Go library for interacting with the vSphere APIs. govc is a CLI interface to the library. I did not know why govmomi existed when I started documenting my work with VEBA – thanks to Michael Gasch for explaining “govmomi is a library many VMware products and OSS projects use to provide a vSphere API library for the Go programming language.”

I was able to find and download govc_windows_386.exe at the govmomi releases page. I put it in the same folder as faas-cli.exe

We have now installed all of the prereqs for running our first sample function. In Part III, we will set up vCenter tags for the sample function and download the VEBA sample code to our local workstation with git.

VMware Employee Count

We have an internal tool in Slack where you can see how long you’ve been employed relative to other VMware employees i.e. X-employee account created on yyyy-mm-dd and has been here longer than XY% of employees. After looking at that, I wondered just how quickly we’ve grown over the years. So I grabbed employee counts reported in our 10-K filings at and graphed them. We just keep growing!

Enabling the vCenter Server permissions required to modify virtual machine network settings

We had a customer question regarding KB1020934. The customer wants to assign specific people the ability to change the portgroup of a VM, and only the portgroup. The KB article says that you must assign permissions at the Datacenter level. In my 6.7 U3 lab, I will show that you can do granular permissions at both the VM and portgroup level.

First I add a test user

Then I create a group called Network Team and add testuser to the group

Now I create a role called VM Network Admins and grant it the specific privileges as outlined in the KB article.

This screen shows that I’ve granted the permission in the following locations

  • A folder called Network Team
  • Distributed portgroup PG_VM_VLAN203
  • Standard portgroup VLAN200

Note that the screenshot also shows standard portgroup VLAN203, I removed this permission from that portgroup but forgot to update the screenshot.

I log in as testuser. I cannot see anything in Hosts and Clusters because the user has no permissions there.

I can see the folder paths leading to folder Network Team, and I can see VMs under that folder. I cannot see any other folders or VMs.

I can’t see any storage

I can only see portgroups that I’ve been granted permissions to.

Now I try to change the VLAN for my network adapter. Note that if I don’t have permissions to whatever portgroup the VM is currently on, the dropdown box is blank.

I browse for portgroups to switch to and I’m presented with only a list of the portgroups I have permissions for (I have other portgroups in my lab)

I put the VM on VLAN 200 and it drops off the network.


Then I put it back on 203 and it works.


Ubiquiti – Home Lab & WiFi

I wanted to put up a quick post on my Ubiquiti environment at home.

At the edge I have a UniFi Security Gateway 4P. I have 2 24 port POE-250W switches, one serving the homelab and one serving Production WiFi.

I had a difficult time getting ethernet run into the basement, so I ran only a single CAT-6 cable. This feeds a UniFi 8-port POE-60W switch. The switch powers one AP-AC-Pro for basement WiFi, then I have the kids game consoles and Roku boxes directly connected to the 8-port. I used the U-PRO-MP kit to hang the AP-AC-Pro in the basement. We have a drop ceiling and I didn’t want to cut holes in the tiles. The Pro mounting kit has two connectors that work great for mounting it to the metal support rails for the drop ceiling.

On the main floor I have an AP-AC-Pro serving my home office. I have 2 mesh units on the main floor – one is an AP-AC-Mesh in the Sunroom, on the complete opposite side of the house and nearly impossible to get a cable run over there. It’s connected wirelessly to another access point and works just fine – it’s obviously not as fast as the other access points, but it does the job. I have another mesh unit, an AC-MESH-PRO, in the living room. It’s directly wired and is just serving as an access point at the moment. I intend to add another mesh unit outdoors eventually to extend some solid WiFI signal out there, but I don’t have it working at the moment.

Upstairs I have 3 AP-AC-Pro units, each with their own CAT-6 home run to the switch. One serves the master bedroom, one is in the main hallway serving the other bedrooms, and the last one is in the loft. For ethernet runs I had a local company install 3.5″ round electric boxes in the ceiling, then I had them run electric conduit from my office on the first floor all the way up to the attic. Then it was just a matter of fishing 3 CAT-6 runs. I used the Pro mounting kit to easily attach the AP-AC-Pros to the electric boxes.

Xfinity Stream – Roku

I was trying to get a Roku working with my xfinity service. The app is in beta.

The list of supported devices is in this article:

It listed the Roku Ultra 4660 as a supported device. However, Roku no longer makes the 4660, it’s been replaced with the 4661. I was hesitant to try something off the supported list, even though the 4661 is basically the same hardware as the 4660 and they throw in a pair of headphones. The Ultra 4661 works just fine.

I ran into another issue – I’m in the middle of a move and I had 2 xfinity accounts linked to a single username, one at my old property and one at my new property. I only kept internet service, not TV service at the old property.  The xfinity authorization link at isn’t smart enough to understand multiple accounts, unless both accounts have TV service. I had to have xfinity customer service unlink the accounts, then the Roku worked.

Disable ‘Send Feedback to the Client Team’ in the H5 client

In highly secured environments, customers generally don’t want any type of ‘phone home’ behavior. In the vCenter HTML5 client, we have a ‘Send Feedback to the Client Team’ button. Some customers want that functionality to be disabled. Here’s how to do it:

root@vcenter [ /etc/vmware/vsphere-ui ]# vi

#DisableFeedbackTool Properties

The reboot the service:

service-control --stop vsphere-ui
service-control --start vsphere-ui

AWS DeepLens – First Look

I had the opportunity to attend Amazon re:Invent 2017, and as part of attending a bootcamp I received a discount code for a free DeepLens! It arrived today.

The box

32GB micro SD card and power supply. Amazon made a single power brick with interchangeable prongs.

The front of the DeepLens

Rear view of the DeepLens


After unpacking, the package insert directed me to

I did not have any of the IAM roles so I clicked Create Roles

The setup created this role for me

I connected to the DeepLens’ wireless network

Connected the DeepLens to my WiFi

I clicked the install and reboot button; it disappeared with no progress indicator.

I watched for the device to come back up, and connected again to the device’s wireless. The install and reboot button appeared again, so I clicked it again. It finished this time

Now I needed to upload the certificate .zipfile that I downloaded earlier in the setup.

The streaming certificate is required to view video from the camera

I set a device password and enabled SSH.


For my first project, I thought I’d add what looked to be one of the simplest ones, object detection.

After creating the project, I need to deploy it to the camera.

After a few minutes, the project was ready for use. 

That’s all for now – next post will be my first attempt to run the project.