How to: VCSA authentication with FreeIPA

In this guide we look at how to authenticate users against OpenLDAP on the FreeIPA identity management system. We assume that the FreeIPA server is already installed and that the LDAP service has been verified to work.

Log in to VCSA and, under Administration->Single Sign On->Identity Sources, add a new source with ADD IDENTITY SOURCE. Select Open LDAP as the type.

Next, enter the parameters for the FreeIPA server. They are as follows.

Identity Source Type : Open LDAP
Name                 : freeIPA
Base DN for users    : cn=users,cn=accounts,dc=dubnik,dc=sk
Base DN for groups   : cn=groups,cn=accounts,dc=dubnik,dc=sk
Domain Name          : dubnik.sk
Username             : uid=admin,cn=users,cn=compat,dc=dubnik,dc=sk
Password             : passw0rd
Primary Server Url   : ldap://10.20.50.5:389

VCSA can now contact the LDAP server and authenticate a user, but as the last step we still have to grant the user global permissions. Under Administration->Access Control->Global Permissions, add permissions for the user: select the user from the LDAP server and assign the required role.

And now we can log in to VCSA with this user.

How to change the ESXi network address/gateway using the CLI

Changing the management address

esxcfg-vmknic "Management Network" -i 10.0.10.94 -n 255.255.255.0

If I need to set up VLAN tagging

esxcfg-vswitch -p "Management Network" -v 30 vSwitch0

Changing the default gateway

esxcfg-route -d default 0.0.0.0 192.168.0.1
esxcfg-route -a default 0.0.0.0 10.0.10.1

And I restart the services

/sbin/services.sh restart

Change interface eth1 back to eth0 after a VM copy (CentOS)

When we move a VM from one ESXi host to another, it can happen (and it does happen) that the original eth0 interface turns into eth1. This is because the new ESXi host assigns the VM a different MAC address than the original one. If we want to change it back without configuring a new eth1 interface, we have to edit the udev rules. First we check the original udev rule, where we can see the MAC address that is bound to the interface eth0.

[root@test ~]# cat /etc/udev/rules.d/70-persistent-net.rules 
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:94:f8:1b", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

The same MAC address is also in the configuration script for the interface eth0:

[root@test ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
TYPE=Ethernet
UUID=38b87a53-aab1-454b-9cdf-7cd5357edfdb
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=00:0C:29:94:f8:1b
IPADDR=10.10.10.16
PREFIX=27
GATEWAY=10.10.10.1
DNS1=10.10.10.1
DEFROUTE=yes
NAME="System eth0"

After moving the VM we can see that a new interface eth1 with a new MAC address has appeared in the udev rules.

[root@test ~]# cat /etc/udev/rules.d/70-persistent-net.rules 
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:94:f8:1b", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:c7:65:54", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

If we want the VM to use the original eth0 interface, we have to delete the entry for the interface eth1 from the udev rules and change the MAC address back to the original one in the udev rules in /etc/udev/rules.d/70-persistent-net.rules, and likewise in /etc/sysconfig/network-scripts/ifcfg-eth0. Then we restart the VM and it comes up with a working eth0 interface.
We also must not forget that when the machine is moved, ESXi loses its records of the network settings (at least in my free version) and the VLAN has to be added to the vmxnet interface again.
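As an added example that is not part of the original post, the following script performs the udev and ifcfg edit described above in one pass: it takes the MAC from the eth1 rule that udev generated after the move, rebinds the eth0 name to it, removes the eth1 rule and updates HWADDR in ifcfg-eth0. The file paths are the ones from the post; the sample rules text is constructed from the post's output.

```python
import re
from pathlib import Path
# Added example (not from the original post). After a move the VM's NIC carries
# the MAC udev recorded in the new eth1 rule; this rebinds the eth0 name to that
# MAC and drops the eth1 rule so the VM boots with a working eth0. Paths are the
# ones from the post.
UDEV_RULES = Path("/etc/udev/rules.d/70-persistent-net.rules")
IFCFG_ETH0 = Path("/etc/sysconfig/network-scripts/ifcfg-eth0")

# Constructed sample: the moved VM's rules file, as shown in the post.
SAMPLE_RULES = '''# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:94:f8:1b", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x15ad:0x07b0 (vmxnet3)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:c7:65:54", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
'''
RULE_RE = re.compile(r'ATTR\{address\}=="([0-9a-fA-F:]{17})".*NAME="(eth\d+)"')

def rebind_udev_rules(text: str) -> tuple[str, str]:
    """Return (rewritten rules, MAC now bound to eth0). Removes the eth1 rule and
    the '# PCI device' comment above it; writes the MAC in lower case as udev does."""
    macs = {name: mac.lower() for mac, name in RULE_RE.findall(text)}
    if "eth0" not in macs or "eth1" not in macs:
        raise ValueError("expected both an eth0 and an eth1 rule")
    new_mac = macs["eth1"]
    out = []
    for line in text.splitlines():
        if 'NAME="eth1"' in line:
            if out and out[-1].startswith("# PCI device"):
                out.pop()
            continue
        if 'NAME="eth0"' in line:
            line = re.sub(r'ATTR\{address\}=="[^"]*"', f'ATTR{{address}}=="{new_mac}"', line)
        out.append(line)
    while out and out[-1] == "":
        out.pop()
    return "\n".join(out) + "\n", new_mac

def rebind_ifcfg(text: str, new_mac: str) -> str:
    """Point HWADDR= in ifcfg-eth0 at the same MAC (upper case, the ifcfg convention)."""
    new_line = f"HWADDR={new_mac.upper()}"
    if re.search(r"^HWADDR=", text, flags=re.M):
        return re.sub(r"^HWADDR=.*$", new_line, text, flags=re.M)
    return text.rstrip("\n") + "\n" + new_line + "\n"

if __name__ == "__main__":
    rules, mac = rebind_udev_rules(UDEV_RULES.read_text())
    UDEV_RULES.write_text(rules)
    IFCFG_ETH0.write_text(rebind_ifcfg(IFCFG_ETH0.read_text(), mac))
```

Run it as root on the moved VM and reboot afterwards; keep a copy of both files first, since a wrong MAC in the eth0 rule leaves the VM without network.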

Monitor ESXi host with Zabbix

I needed to start monitoring an ESXi host. So here is a short demonstration of how to do it using
First, enable the SNMP daemon on the ESXi host.

Download the following template (rename the .doc extension to .xml, since WordPress does not allow uploading .xml files), import it into the Zabbix templates and set the SNMP community in the host's macros:

{$SNMP_COMMUNITY}=>my_snmp_string

And that's all: the template uses low-level discovery, so it finds everything it needs on its own.

SNMPd on an ESXi host

When we try to start the SNMP service for the host on an ESXi host and get the following message:
[image: esxi_snmp]
we need to configure the SNMP service from the CLI. So we log in to our ESXi host over SSH and set up SNMP.
Set the SNMP community:

~ # esxcli system snmp set --communities mystrongsnmpstring
~ # esxcli system snmp set --enable true

And allow access through the firewall only from the monitoring IP address

~ # esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
~ # esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 10.10.10.1/24
~ # esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Reload the service

~ # /etc/init.d/snmpd restart
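An added check that is not part of the original post: the text above restricts the snmp ruleset to the monitoring IP, but the allowedip entry is written with a /24 prefix. This small audit reports what each allowed-ip entry really admits and what host-only entry would replace it; that a prefix with host bits set is treated as its containing network is an assumption made here.

```python
import ipaddress

# Added example (not from the original post). Reports how many addresses each
# allowed-ip entry of the snmp ruleset admits, compared with the monitoring
# hosts that actually need access. Treating "10.10.10.1/24" as 10.10.10.0/24
# (strict=False) is an assumption about how the entry is interpreted.
MONITORING_HOSTS = ["10.10.10.1"]        # from the post
CONFIGURED_ENTRIES = ["10.10.10.1/24"]   # from the post's allowedip add command

def audit_allowed_ips(entries, monitoring_hosts):
    """Return one dict per entry: the network it covers, how many addresses
    that is, whether it is wider than the monitoring hosts need, and the
    host-only entries that would replace it."""
    wanted = {ipaddress.ip_address(h) for h in monitoring_hosts}
    report = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        covered = sorted(h for h in wanted if h in net)
        report.append({
            "entry": entry,
            "network": str(net),
            "addresses": net.num_addresses,
            "too_wide": net.num_addresses > len(covered),
            "replace_with": [str(h) for h in covered],
        })
    return report

if __name__ == "__main__":
    for row in audit_allowed_ips(CONFIGURED_ENTRIES, MONITORING_HOSTS):
        verdict = "too wide" if row["too_wide"] else "ok"
        print(f'{row["entry"]} -> {row["network"]} ({row["addresses"]} addresses): {verdict}')
```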