virtual grind thoughts from the virtual world

14Nov/130

Openstack Hands-On Labs Now Available

It is great to see the contributions from VMware around the Openstack platform, especially with the new Havana release.

VMware also released new hands-on labs around Openstack and vSphere (HOL-SDC-1320):

VMware Blog Posting

15Oct/120

Using Likewise To Integrate Ubuntu Into Active Directory

Just thought I would share a quick post on adding your Ubuntu servers to Active Directory. Using Active Directory for centralized and distributed management of computers and users is a common practice. Allowing Linux machines to interact with the Active Directory extends this functionality into the Linux world, allowing administrators to use things like security groups and permissions for easy access.

Fortunately, in today's times, this process is a lot easier than it was years ago with the use of Likewise. To install Likewise, simply add the package via apt:

sudo apt-get install likewise-open

Once the package is installed, you have to join your Ubuntu installation to the Active Directory:

sudo domainjoin-cli join virtualgrind.local Administrator

In the above line, you are joining an Active Directory domain with a name of "virtualgrind.local" with the user "Administrator". Note that you will need to enter your domain name and a user account that has permissions to join the domain, if you do not use the Administrator account.

Once you enter the domainjoin-cli command, you will be prompted for the Active Directory account's password that was specified. If all goes well, you will see a "SUCCESS" message. You will also see the Ubuntu machine added as a computer in your Active Directory.

At this point, any Active Directory account will be able to ssh into the server. You can test this by creating a ssh session to the machine with an Active Directory account:

ssh virtualgrind\\johndoe@ubuntu-server
or
ssh 'virtualgrind\johndoe'@ubuntu-server

In the above example, you are providing the standard UNC naming convention as the username for your ssh connection, or DOMAINNAME\USERNAME. In this particular example, the domain name is "VIRTUALGRIND" and the user name is "johndoe". Also note that the hostname of this example is "ubuntu-server". You could also use the IP address of the server as well.

To limit the groups of users that are able to ssh into the server, you will then need to use the "lwregshell" command:

sudo lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory\]' RequireMembershipOf "virtualgrind\\SSH^Users" "virtualgrind\\Linux_Admins"

...then, to apply the changes and restart the service:

sudo lwsm refresh lsass

In this example, the lwregshell command is requiring that ssh users are members of the Active Group "SSH Users" or "Linux_Admins". I included two groups to show how to deal with spaces in a group name, or by using something like an underscore for your group names in Active Directory.

Finally, if any of the users that are accessing the system from Active Directory need to use the sudo command, you will also need to provide the UNC style name to the sudoers file:

%VIRTUALGRIND\\Linux_Admins ALL=(ALL)ALL

In this example, we are adding a line to the /etc/sudoers with the UNC name of the domain and group. For this instance, we are allowing the "Linux_Admins" group from the domain "VIRTUALGRIND" full sudo access. Remember to use the visudo command when performing this versus using something like pico or vi.

23Jun/110

Accessing the bash shell in Equallogic

Sometimes I need tools such as traceroute when troubleshooting connectivity between Equallogic arrays. This is especially useful when configuring features like replication.

From the main Equallogic shell, only certain Equallogic specific commands are available. To access the OS level shell, you can simply ssh in to your array and issue the command:

su exec bash

From the bash shell, you can issue OS level commands such as ifconifg and traceroute.

2Mar/110

vCloud Director 1.0.1 Upgrade Fails with “cpio: chown failed – Operation not permitted”

VMware requires that the vCloud Director installation .bin file is executed as root. This file is run to perform a new installation or upgrade to an existing vCloud Director cell. I have recently run into an issue with NFS's "root squashing" feature, which prevents the upgrade from completing.

As the NFS Sourceforge page states:

Default NFS server behavior is to prevent root on client machines from having privileged access to exported files. Servers do this by mapping the "root" user to some unprivileged user (usually the user "nobody") on the server side. This is known as root squashing. Most servers, including the Linux NFS server, provide an export option to disable this behaviour and allow root on selected clients to enjoy full root privileges on exported file systems.

Unfortunately, an NFS client has no way to determine that a server is squashing root. Thus the Linux client uses NFS Version 3 ACCESS operations when an application is running on a client as root. If an application runs as a normal user, a client uses it's own authentication checking, and doesn't bother to contact the server.

If you are not using the "no_root_squash" option on your NFS exports on your NFS server, you will receive the error "cpio: chown failed - Operation not permitted". This option is needed since the /opt/vmware/cloud-director/data/transfer directory on the vCloud Director cell is actually mounted to your NFS server.

Once you enable the no_root_squash option on your NFS exports, such as:

/export/dir hostname(rw,no_root_squash)

...you will be able to write to the directory as root and the upgrade will complete.

10Dec/100

VMware Customization Errors With Linux Guest Operating Systems

Recently, I ran in to an issue regarding customization scripts with Redhat and Ubuntu. Using the guest customization feature for a Linux guest, I noticed that after the virtual machine booted, none of the customizations like IP, hostname, etc. were applied.

After digging around in the VMware tools logs directory, I noticed the following error in /var/log/vmware-imc/toolsDeployPkg.log:

Failed to load /usr/lib/libDeployPkg.so: /usr/lib/libDeployPkg.so: cannot open shared object file: No such file or directory.

It appears that the libDeployPkg.so library is not placed or symlink'd in /usr/lib, it actually resides in /usr/lib/vmware-tools/lib32/libDeployPkg.so.

Simply creating a symlink fixes the problem:

ln -s /usr/lib/vmware-tools/lib32/libDeployPkg.so /usr/lib/libDeployPkg.so

Filed under: Linux, VMware No Comments
17Nov/100

Installing VMware Tools in Openfiler

I use Openfiler frequently for labs as well as NAS services. Although there are VMware appliances for Openfiler, I commonly build the latest version from an ISO.

I have seen people add gcc to the Openfiler distro and install VMware Tools from scratch, but you can easily add the rpath's open vm tools package from the command line.

Once you have installed Openfiler and it boots, simply log in the console as root and enter the following command to install open vm tools:

conary update open-vm-tools

From here, you simply reboot with:

shutdown -r now

Filed under: Linux, VMware No Comments
15Nov/100

vCloud Director Cell Required Redhat Packages

If you are like me, you do not want to provision a bloated Redhat operating system for your vCloud Director cells. I always choose to build Linux operating systems from the ground up.

For a base Redhat install, you will need to make sure the following rpm packages are installed on your base system:

alsa-lib bash chkconfig compat-libcom_err coreutils findutils glibc grep initscripts krb5-libs libgcc libICE libSM libstdc libX11 libXau libXdmcp libXext libXi libXt libXtst module-init-tools net-tools pciutils procps redhat-lsb sed tar which

Filed under: Linux, VMware No Comments
14Nov/100

Multiple Characters When Typing in Console of Linux Virtual Machines

Not being a Windows desktop user, I commonly will utilize a remote Windows desktop, VM, or server to access virtual machine consoles in VCenter. I will usually experience this problem when accessing a Linux virtual machine's console via an RDP session or remote session.

This is not only frustrating, but can also cause problems when trying to simply log in to the virtual machine, since usernames and passwords may not get entered correctly.

To fix this issue, simply open up the virtual machine's vmx file on the datastore and add the following line to the end of the file:

keyboard.typematicMinDelay = "2000000"

Please note that the virtual machine will need to be off in order to modify the vmx file.

13Nov/102

Automating VMware Tools Installation in Ubuntu

I have been asked numerous times about automating the VMware tools installation in Linux based operating systems.  I have seen people commonly use RPM's and even compile the tools from source, but the feedback I usually get is that admins would like to automate the installation, like they do in Windows.

Fortunately for us, VMware has been gracious enough to include packages for not only Ubuntu; but also Redhat, CentOS, and SLES.  When I tell people this, the response I usually get is that they never knew these options were available.

For the purpose of this post, I will go over the installation of VMware Tools in Ubuntu 10.04 LTS.  I will also include a link to VMware's official installation guide that covers these steps in detail for more operating systems.

The first step is to add VMware's repo to /etc/apt/sources.list and install VMware's GPG key.  Note that when you are adding the repo, you are adding the "4.1latest" repo.

$ apt-add-repository 'deb http://packages.vmware.com/tools/esx/4.1latest/ubuntu lucid main restricted'
$ wget http://packages.vmware.com/tools/VMWARE-PACKAGING-GPG-KEY.pub -q -O- | apt-key add -

The following five commands update your local package lists, installs VMware packages, and builds/installs the kernel modules:

$ apt-get update
$ apt-get install vmware-open-vm-tools-kmod-source
$ module-assistant prepare
$ module-assistant build vmware-open-vm-tools-kmod-source
$ module-assistant install vmware-open-vm-tools-kmod

Finally, now that everything is built, you simply need to install the packages. The final two commands depend on your installation. If you are not running a graphical interface on your system you will choose the first option that ends in "-nox". If you are using a graphical interface, use the latter command. Remember you only use on or the other, not both.

$ apt-get install vmware-open-vm-tools-nox 

OR
$ apt-get install vmware-open-vm-tools

The official VMware guide can be found here.