Terraform Cloud – How to List All Users


Terraform Cloud has a rich API. However, the API documentation does not mention how to list all users. We can leverage the organization membership API and the PowerShell command Invoke-RestMethod to get a user list.

  1. Create an organization token in Terraform Cloud.
  2. Create the token variable $Token in PowerShell. The -Token parameter of Invoke-RestMethod takes a SecureString, so convert the token string first.
    $Token = ConvertTo-SecureString -String "abcd" -AsPlainText -Force
  3. Create the API parameters variable in PowerShell.
    You need to replace ZHENGWU with your own organization name. I used 100 at the end of the URI to retrieve the first 100 users. It can be any number.
    $params = @{
      Uri = "https://app.terraform.io/api/v2/organizations/ZHENGWU/organization-memberships?page%5Bsize%5D=100"
      Authentication = "Bearer"
      Token = $Token
      ContentType = "application/vnd.api+json"
    }
  4. Retrieve the API response and list the users’ email addresses.
    $Test = Invoke-RestMethod @params
    $Test.data.attributes.email
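
The call above returns a single page of memberships. The following added example (not part of the original post) follows the pagination metadata in the response until every membership is collected, and reads the token as a SecureString prompt. It assumes PowerShell 6 or later; ZHENGWU is the placeholder organization name from the steps above, and the variable names are illustrative.

```powershell
# Added example: walk every page of the organization membership list.
# Requires PowerShell 6+ for -Authentication and -Token.
# ZHENGWU is a placeholder organization name; replace it with your own.
$Organization = "ZHENGWU"

# Prompt for the token so it is not stored in the script or the command history.
$Token = Read-Host -Prompt "Organization token" -AsSecureString

$members = [System.Collections.Generic.List[object]]::new()
$page = 1
do {
    $uri = "https://app.terraform.io/api/v2/organizations/$Organization/organization-memberships?page%5Bnumber%5D=$page&page%5Bsize%5D=100"
    $params = @{
        Uri            = $uri
        Authentication = "Bearer"
        Token          = $Token
        ContentType    = "application/vnd.api+json"
    }
    $response = Invoke-RestMethod @params

    foreach ($m in $response.data) {
        $members.Add([pscustomobject]@{
            Email  = $m.attributes.email
            Status = $m.attributes.status   # "active" or "invited"
            Id     = $m.id
        })
    }

    # 'next-page' is null on the last page, which ends the loop.
    $page = $response.meta.pagination.'next-page'
} while ($page)

"Total memberships: $($members.Count)"
$members | Sort-Object Email | Format-Table -AutoSize

# Invitations that were never accepted are worth reviewing separately.
$members | Where-Object Status -eq "invited" | Select-Object Email, Id
```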

Connect-NsxtServer shows “Unable to connect to the remote server”

When you run Connect-NsxtServer in PowerCLI, it may show “Unable to connect to the remote server”.

The error message is easy to confuse with other login issues, so it is not easy to troubleshoot. The actual reason is that NSX-T uses a self-signed certificate, and PowerCLI does not accept the certificate automatically.

The fix is super easy. You need to set PowerCLI to ignore invalid certificates for the current user with the following command:

Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction:Ignore -Confirm:$false

Move Terraform Providers to Other Folders

Create a new control file with the name .terraformrc or terraform.rc in your profile folder.

Add the following lines:

plugin_cache_dir   = "$HOME/.terraform.d/plugin-cache"

Create the folder .terraform.d/plugin-cache in your profile folder.

The providers will be downloaded to the cache folder when you run terraform init.


If you don’t want to create the control file in the profile folder, the alternative is to create an environment variable.

export TF_PLUGIN_CACHE_DIR="$HOME/.terraform.d/plugin-cache"

How to Use Proxy on WSL 2

  1. Install cntlm.
    sudo apt-get install cntlm
  2. Configure the permission for cntlm.conf file.
    sudo chmod 644 /etc/cntlm.conf
  3. Configure proxy settings.
    sudo vi /etc/cntlm.conf
  4. Make sure the following parameters are configured.
    Domain Domain
    Username username
    Proxy 1.2.3.4:5678
    NoProxy localhost, 127.0.0.*, 10.*
    Listen 3128
  5. Test connectivity. (Hit the Enter key if it asks for a password.)
    cntlm -M http://www.google.com
  6. Generate hashed passwords.
    cntlm -H
  7. Paste the generated passwords to the cntlm configuration file.
  8. Configure proxy.
    export http_proxy=http://localhost:3128/
    export https_proxy=http://localhost:3128/
  9. Start cntlm.
    sudo cntlm -v -c /etc/cntlm.conf

Setup Terraform and Ansible for Windows provision on CentOS


Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, it’s a little bit challenging to combine them. The following steps are some ideas about handling a Windows machine from provisioning to post configuration without modifying the winrm configuration on the guest operating system.

  1. Install required repos for yum.
    yum -y install https://repo.ius.io/ius-release-el7.rpm
    yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    yum -y install https://packages.endpointdev.com/rhel/7/os/x86_64/endpoint-repo.x86_64.rpm
    yum -y install epel-release
    yum -y install yum-utils
    yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
  2. Install Terraform.
    sudo yum -y install terraform
  3. Install Ansible.
    sudo yum -y install ansible
  4. Install Kerberos.
    yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation
  5. Install pip.
    sudo yum -y install python-pip

    # You probably need the following package if you are using a VPN
    pip install pysocks
  6. Install pywinrm[kerberos].
    pip install pywinrm[kerberos]
  7. Configure /etc/krb5.conf.
    The following are the required lines. Please make sure to change the domain name to yours. The domain name is case-sensitive.
    [libdefaults]
     dns_lookup_realm = true
     dns_lookup_kdc = true
     forward = true
     forwardable = true
     default_realm = ZHENGWU.ORG

    [realms]
     ZHENGWU.ORG = {
      kdc = DC.ZHENGWU.ORG
      admin_server = DC.ZHENGWU.ORG
     }

    [domain_realm]
     .zhengwu.org = ZHENGWU.ORG
     zhengwu.org = ZHENGWU.ORG
  8. Create an Ansible inventory file.
    # Group name
    [win]
    # This is the target server list
    dc.zhengwu.org

    # Keep comments on their own lines here: in a :vars section,
    # everything after "=" becomes part of the value.
    [win:vars]
    ansible_connection=winrm
    # It's better to use a domain admin account.
    ansible_user=administrator
    # Change this password
    ansible_password=P@ssw0rd
    ansible_port=5985
    ansible_winrm_transport=kerberos
    ansible_winrm_server_cert_validation=ignore
  9. Run the Ansible win_ping test.
    ansible <group in inventory file> -m win_ping -i <inventory file>

Cannot log in to Microsoft Account over VPN

Abstract

I am using a VPN (proxy) to improve the access performance to global websites. There was a minor issue that I struggled with for a long time. I could not log in to any Microsoft account when using a VPN. The solution is to add the “Your account” application to the loopback exemption. However, I’ll explain the reason in this post.

Explanation

Microsoft used a different way to run applications on Windows 8 and later versions. It is called AppContainers. This change leads to some applications not working with VPN (proxy) since it blocks some data exchanges between applications. The change is for security reasons. It basically isolates each application to block the communication on the local computer level.

However, Microsoft offers a way to exempt applications for troubleshooting purposes. Hence, adding the applications to the exemption works around the problem.

Following are some useful commands for exemption with Windows native commands:

# Show a list of loopback exemption
CheckNetIsolation.exe LoopbackExempt -s

# Add an application to the exemption
CheckNetIsolation.exe LoopbackExempt -a -n=<app name>

It’s not easy to figure out the application name or ID. You should use Process Explorer. However, you can also download the 3rd party tool “Windows 8 AppContainer Loopback Utility” to configure it.
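
One way to find the name for -n= without extra tools, and to review which exemptions are already in place, shown as an added example that is not part of the original post. The search pattern is a constructed placeholder, and the "Name:" line format parsed from the -s output is an assumption about how CheckNetIsolation prints its list.

```powershell
# Added example, not from the original post. Run on the affected Windows PC.
# '*Calculator*' is a constructed search pattern; replace it with part of
# the name of the application you are looking for.
$pattern = '*Calculator*'

# 1. Find the package family name, which is the value that -n= expects.
Get-AppxPackage -Name $pattern |
    Select-Object Name, PackageFamilyName |
    Format-Table -AutoSize

# 2. Read the current exemption list. Assumed output format: one
#    "Name: <value>" line per exempted AppContainer.
$exempt = CheckNetIsolation.exe LoopbackExempt -s |
    ForEach-Object { if ($_ -match '^\s*Name:\s*(.+?)\s*$') { $Matches[1] } }

# 3. Match each exemption against the installed packages so that stale or
#    unexpected entries stand out.
$installed = Get-AppxPackage
$report = foreach ($name in $exempt) {
    $pkg = $installed | Where-Object PackageFamilyName -eq $name
    [pscustomobject]@{
        ExemptName = $name
        Installed  = [bool]$pkg
        Package    = ($pkg.Name -join ', ')
    }
}
$report | Format-Table -AutoSize
```

An exemption that is no longer needed can be removed with CheckNetIsolation.exe LoopbackExempt -d -n=<package family name>.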



vSphere Web Client stuck on the loading screen


It’s been a while since my last post. I got an exciting issue a few days ago. I was trying to log in to a vCenter Server in Chrome. I could see the login screen and enter the credentials. However, I was not able to get into the main page. vSphere Web Client was stuck on the “loading” screen.

The reason is the Chrome version was 50. It’s incompatible with the vSphere Web Client version.

Here are the vSphere Client requirements for your convenience.

Hackintosh on x86 platform – Part II Install macOS


I introduced the Hackintosh hardware tips in the first article. However, some software is required to configure, install, and run macOS on the Hackintosh. I used OpenCore. The other option is Clover.

The high-level configure procedure

  1. Prepare macOS image.
  2. Create bootable USB disk with macOS image.
  3. Edit EFI configuration on the USB disk.
  4. Install macOS on the hardware.
  5. Tuning.

However, you need to follow OpenCore official guidelines to prepare and install macOS. I only share my experience on Dell Inspiron 15-7569.

Helper Machine for the Hackintosh

OpenCore guidelines provide the tools on Windows, Linux, and macOS. I think the tools under macOS are most straightforward. So I suggest you have another computer to prepare the macOS image. Suppose you don’t have an Apple computer. You can create a macOS virtual machine on Windows 10. Following is what I used:

  1. Prepare a Windows 10 computer.
  2. Install VMware Workstation or VMware Player. The evaluation version is enough.
  3. Run unlocker 3.0.3 to enable macOS support on the VMware products above.
  4. Create a macOS VM.
  5. Download macOS image and install on the VM. (This article offers some images that can be used directly on VMware Workstation. I didn’t test it. But the guide is also helpful.)

I recommend downloading Catalina or an older macOS version for the virtual machine since it is more stable. Another trick is that you need to install VMware Tools on the virtual machine twice after installing macOS.

Tools

Once the virtual machine is ready, you need to download and upload the following tools to it:

  • MountEFI. It’s a tool to mount the EFI partition.
  • OpenCore. It’s the core part to boot up macOS on a non-Apple platform. It simulates the Apple hardware environment.
  • ProperTree. It’s used to edit the config.plist file.
  • GenSMBIOS. It generates a fake Apple serial number, board id, etc.
  • IORegistryExplorer. It’s useful to list graphics cards on macOS for troubleshooting purposes.
  • installmacos.py. It downloads the official images to macOS.

Configuration

Now you have enough tools to start the actual work. I would suggest you follow the OpenCore official guidelines, since they contain the detailed steps for what I mention below. Following is the high-level procedure I used:

You should complete the following steps on the helper macOS virtual machine.

  1. Download the macOS image. I have seen some newer versions of Big Sur that could not complete the installation process. If that’s the case, please choose a lower version.
  2. Format a USB disk to the Mac OS Extended (Journaled) format.
  3. Create the USB bootable installer with the downloaded image.
  4. Mount EFI partition of the USB disk.
  5. Create a folder called EFI in the empty EFI partition you mounted.
  6. Copy OpenCore files over to the EFI folder.
  7. Add, remove, and modify the files in the EFI folder according to the OpenCore official guidelines.
  8. Edit the “config.plist” file in the EFI folder according to the OpenCore official guide.

Installation

Now you should be able to install macOS on the Hackintosh with the USB disk.

Please make sure the partition is APFS when you format the local disk. Otherwise, the macOS installation may run into problems.

Please leave some space to install Windows 10 if you can. It will be beneficial for macOS issues in the future.

You may want to use an external keyboard and mic if it’s a laptop. The reason is that the laptop keyboard and touchpad may require additional tuning. You can do that later, after installing macOS.

If everything goes smoothly, you should be able to see the login screen after several reboots.

Post Installation Tuning

The installation is not the end of the Hackintosh game. You still need to tune macOS as much as possible so that it works like an actual Mac, even though it’s a Hackintosh. 🙂 Following is my experience:

Apple’s unique features

  1. Play DRM content, such as Apple TV+, high-quality lossless music in Apple Music, Netflix or Amazon in Safari, etc. It doesn’t work if your computer only has an embedded GPU (iGPU). It only works well on an AMD dedicated GPU (dGPU, the secondary GPU on your computer). You may need to follow the commands I mentioned in Part I to enable it.
  2. AirDrop, SideCar, and Apple Bluetooth features (such as AirPod Pro). You need a compatible wireless card to enable these features. A card with a different part number (PN) may not work on some computers. For example, my laptop is a Dell Inspiron 15-7569. I bought a DW1820A. The Bluetooth worked but the wireless never worked. According to the community, the only working version is the DW1820A with PN: CN-08PKF4. I returned the first card and bought another one with the correct PN, and it worked just fine. People say that a driver is not required for a compatible wireless card. This is inaccurate. You actually need to follow the OpenCore guidelines to install a 3rd party driver.

Common features

  1. Sound Card. You may see no sound card in the macOS settings. Therefore, you need to follow the guide to find out your sound card’s ALC and try the layout ids one by one in the boot arg section of the config.plist file. It took me a lot of time to identify the ALC of my sound card. Following is my experience:
    • Find your sound card’s vendor id (VEN), device id (DEV), and subsys id (SUBSYS) in Device Manager -> Properties of your sound card -> Details -> Device instance path on Windows 10.
    • Search for the combination of VEN and DEV. For example, the Dell Inspiron 15-7569’s sound card is customized, so it’s hard to find the actual codec. I found VEN 10EC, DEV 0225, SUBSYS 1028073 in Device Manager on Windows 10. I searched for 10EC0225 in this file, then tried to match the SUBSYS in the results, and found out the codec is ALC3234.
    • Find the codec in the AppleALC list.
    • You should see a few or a lot of layout ids for your codec.
    • Now you need to test each id by following the “Testing your layout” section in OpenCore.
    • Be patient! I tried a lot of ids for my codec, and at one point I was about to give up. But suddenly one ID worked!
  2. TouchPad and Mic on laptop. The OpenCore official guidelines have enough information for this. However, the trick is that you need to determine whether your TouchPad and Mic are PS2, USB, I2C, or something else. It really confused me. My workaround to identify it was to check the BIOS settings. My laptop has the keyword “PS2” in the TouchPad setting.

That’s all I have at this moment. I didn’t provide detailed procedures since everyone’s hardware is different. However, the high-level processes may bring you some ideas about the whole picture of Hackintosh. Good luck and have fun!!!

Hackintosh on x86 platform – Part I Hardware



“Hackintosh is a computer that runs Apple’s Macintosh operating system macOS on computer hardware not authorized for the purpose by Apple.”

Wiki

All credit belongs to the OpenCore official guide. I could not have completed this without the super detailed guide. 🙂

Hardware is the first step for Hackintosh. You need compatible computer parts that macOS can support. I have successfully built my Hackintosh system on a desktop PC and a laptop.

Please refer to the OpenCore official guide to buy your computer parts. I will only share my experience in this article.

CPU

First of all, I recommend an Intel CPU. According to the guide, it appears to be a bit harder and to need extra steps if you use an AMD CPU.

Memory

Memory is more flexible. I have tried from high-end Samsung DIMMs to some super cheap DIMMs (32GB per DIMM). I didn’t see any issue.

Hard Disk

The hard disk is also flexible. You can use anything from SATA to NVMe. However, I would recommend a SATA SSD or NVMe SSD. It’s much faster. My macOS loading time is about 4 – 6 seconds with an NVMe SSD. Any brand is OK. My desktop PC uses SanDisk, and my laptop uses a cheap ($85 for 512 GB) no-brand SATA SSD.

GPU

A graphics card is essential. It impacts Apple TV+, Netflix, and any other online streaming services that use Apple DRM technology. If you are using an Intel CPU and only want to use the embedded graphics card, you will not be able to watch movies on Apple TV+. (I have tried all options. Please let me know if you figured it out.) If you use an external graphics card, an AMD card is the best choice since Apple’s computers use only AMD graphics cards.

“iGPU” means the embedded graphics card, and “dGPU” means the external graphics card. If you have a proper dGPU and built the Hackintosh computer by following the OpenCore official guide, but you find Apple TV+ still doesn’t work, you also need to run the following commands in the terminal:

defaults write com.apple.AppleGVA gvaForceAMDKE -bool YES
defaults write com.apple.AppleGVA gvaForceAMDAVCEncode -bool YES
defaults write com.apple.AppleGVA gvaForceAMDAVCDecode -bool YES
defaults write com.apple.AppleGVA gvaForceAMDHEVCDecode -bool YES

Wifi and Bluetooth

The wifi card is a critical part of achieving most of Apple’s unique functions, such as AirDrop, SideCar, AirPod, and Apple Watch unlock. The suggestion is to buy a second-hand Apple wifi card or something natively supported by macOS. For example, my laptop uses the DW1820A wifi card. The part number is CN-08PKF4, which runs perfectly on my Dell Inspiron 15-7569! I would recommend the same card if you have a Dell laptop. Please make sure the part number is the same as mine. I tried some other models on the Dell laptop. None of them worked.

Other Consideration

In addition, you also need to prepare a USB keyboard and mouse if you build the Hackintosh on a laptop. The laptop keyboard and touchpad may not work during the macOS installation if you do not configure OpenCore properly, so you may need to use the USB keyboard and mouse temporarily.

This operation is restricted by the administrator – ‘vpxd.stats.maxQueryMetrics’

You may see a vpxd.stats.maxQueryMetrics-related error when retrieving performance data of ESXi hosts, virtual machines, or other entities on vCenter Server with PowerCLI. The full error message:

This operation is restricted by the administrator – ‘vpxd.stats.maxQueryMetrics’. Contact your system administrator

VMware published a KB about how to fix that. Please note that the vCenter advanced parameter it mentions, config.vpxd.stats.maxQueryMetrics, is case-sensitive.

202203 Update:

The parameter is removed in vCenter Advanced Settings after upgrading to vCenter Server 7.x. You have to reconfigure it.