How to install VMware Tools in Trustix Secure Linux

How to install VMware Tools

This is taken from: http://www.trustix.net/wiki/index.php/VMwareTools

This has (so far) only been verified to work on VMware Workstation v5.5 and a TSL 3.0 installation with the following groups installed: “Minimal with SSH”, “Commonly used local utilities” and “Commonly used network utilities”; a typical, almost minimal, TSL system.

Required packages

You need the following packages installed on the system to get VMware Tools to compile the needed modules (other packages may be installed due to dependencies):

make
gcc
glibc-devel
kernel-source

All in one using swup:

swup --install make gcc kernel-source glibc-devel

n.b. --ignore-filter may be required on TSL 2.2 to allow kernel-source to be installed.

Configure kernel-source

VMware Tools won’t compile if you have not configured and prepared the kernel-source.

  • The kernel-source installs itself in /usr/src/kernel-source-<version>. You should link this folder to /usr/src/linux:

cd /usr/src
ln -s kernel-source-<version> linux

We also need to copy the kernel config file into our kernel-source:

cp /boot/config-<version> /usr/src/linux/.config

  • Let’s prepare the kernel-source for VMware Tools:

cd /usr/src/linux
make oldconfig
make modules_prepare

n.b. With TSL 2.2 use ‘make dep’ in place of ‘make modules_prepare’.

Install VMware Tools

With your TSL 3.0 installation running, release the lock (CTRL+ALT), then go to the menu and choose:

VM -> Install VMware Tools..

Mount the virtual CD-ROM containing the VMware tools and install the rpm there. Then unmount it.

mount /mnt/cdrom
rpm -Uhv /mnt/cdrom/VMwareTools-<version>-i386.rpm
umount /mnt/cdrom

Compile and configure VMware modules for TSL

To finish the VMware Tools installation we run the VMware tools configure script and it will compile the VMware Tools modules:

vmware-config-tools.pl

Answer yes to all questions; everything except the X Window display driver will be configured. See below for X Window driver support.

Optimized network driver – VMXnet

When TSL 3.0 was installed as a guest OS it found and installed the pcnet32 driver. You could stick with it, but I would recommend you change it for the optimized vmxnet driver which was just compiled. The following instructions are displayed after vmware-config-tools.pl finishes, to help you replace the network driver:

service network stop
rmmod pcnet32
rmmod vmxnet
vi /etc/modprobe.conf /etc/mkinitrd/modules   # change vmnics to vmxnet
tsl-fixboot.sh --install <kernel-version>
depmod -a
modprobe vmxnet
service network start

X Window

You need the following packages installed to have the X Window driver compile (other packages may download and install due to dependencies):

xorg-x11
xorg-x11-devel

As always, you may install them all in one using swup:

swup --install xorg-x11 xorg-x11-devel

Now run vmware-config-tools.pl again to compile the svga driver:

vmware-config-tools.pl

NB! You may get a warning about not being able to compile the vmxnet driver. Just ignore that. You already have it installed if you followed the instructions above.

Please note, this will only give you a minimalistic xorg-x11 without gnome or another DE/WM. I would recommend you check out the Desktop Environment section to get a fully working and useful desktop.

If you get this error when compiling the tools: “The kernel defined by this directory of header files does not have the same address space size as your running kernel.”

The way I fixed it was just by using a newer version of VMware Tools. I used the source from ESX 3.0; if you search the web you should be able to find it.

ESX3 – remote console not coming thru – everything else ok

Problem: From the Virtual Infrastructure Client, I log in and can do whatever I want except see a VM’s console. The VM can power up, I can modify the VMs, but when I go to the console, it just gives me a black blank screen. When I use open console, I get a timeout. I set up the vmx file so that I could use vnc to connect to the console and it works fine. When using the webAccess, I can see the console just fine too. What gives?

In the VI3 server, connections are handled a little differently. Incoming RC (remote console) connections go to port 902 in the COS (the vmware-authd service). Then the MKS (mouse, keyboard, screen) connection happens on port 903, where vmware-vmkauthd listens. Since connections to port 903 are forwarded to COSShadow, the COS does not see those packets. The client actually makes its request on port 902, but the server then redirects the client to connect on port 903. If there is any type of NAT in between, or some other network tweak, this can fail.

Here’s the workaround:

1) Open up the /etc/vmware/config file and append to the bottom:

vmauthd.server.alwaysProxy = "TRUE"

2) Restart the management agents by running:

/etc/init.d/mgmt-vmware restart

3) Disconnect and reconnect the Virtual Infrastructure Client or VirtualCenter from the ESX server.

This will avoid the authd redirection and it should allow your remote console to function properly.

How to build redhat kernel for VMware for time issue

Anyways, here’s how you do it:

1) Download the kernel source. I got mine from:
ftp://ftp.redhat.com/pub/redhat/linux/u … EL.src.rpm

2) Install the source:
rpm -i kernel-2.6.9-34.0.2.EL.src.rpm
(You may need to run “mkdir -p /usr/src/redhat/SOURCES”. If that’s the case, then I’d run “mkdir -p /usr/src/redhat/SOURCES /usr/src/redhat/SPECS /usr/src/redhat/RPMS /usr/src/redhat/SRPMS /usr/src/redhat/BUILD” just in case.)

3) Edit files to include the BusLogic driver:
cd /usr/src/redhat/SOURCES
Edit the following files:
kernel-2.6.9-i686.config
kernel-2.6.9-i686-hugemem.config
kernel-2.6.9-i686-smp.config
Replace all instances of:
# CONFIG_SCSI_BUSLOGIC is not set
with:
CONFIG_SCSI_BUSLOGIC=m

4) Make a patch to change the internal kernel timer frequency:
cd /usr/src/redhat/SOURCES
tar jxvf linux-2.6.9.tar.bz2
mkdir -p linux-2.6.9-vmware/include/asm-i386
cp -pr linux-2.6.9/include/asm-i386/param.h linux-2.6.9-vmware/include/asm-i386/param.h
Open linux-2.6.9-vmware/include/asm-i386/param.h and change
# define HZ 1000 /* Internal kernel timer frequency */
to
# define HZ 100 /* Internal kernel timer frequency */
Then create the patch:
diff -urN linux-2.6.9/include/asm-i386/param.h linux-2.6.9-vmware/include/asm-i386/param.h > vmware.patch
Add the patch to the spec file list. Open /usr/src/redhat/SPECS/kernel-2.6.spec and add it where the patches are listed (your numbers may vary). I just made it Patch5 since it doesn’t exist. So after the line:
Patch4: linux-2.6.9-selected-ac-bits.patch
add:
Patch5: vmware.patch
and where it does the prep, after the line:
%patch4 -p1
add:
%patch5 -p1

5) Change the release of your kernel to differentiate it:
cd /usr/src/redhat/SPECS
Open the file kernel-2.6.spec and change:
%define release 34.0.2.EL
to
%define release 34.0.2.EL.vmware

6) Build the rpm:
rpmbuild -ba --target=i686 /usr/src/redhat/SPECS/kernel-2.6.spec
You could use
rpmbuild -bb --target=i686 /usr/src/redhat/SPECS/kernel-2.6.spec
if you only need the binary rpms, but since we modified the source, I like to use -ba, so I can reuse the source rpm should I need to compile again.

ESX 3.0 cdrom problem – won’t mount / won’t work for Guest

[root@wesx3 root]# mount /dev/cdrom /mnt/cdrom/
mount: /dev/cdrom: can't read superblock

From /var/log/messages:
Apr 27 09:40:06 wesx3 modprobe: modprobe: Can't locate module ide-cd

Fix with the following:
1) Remove this line from /etc/vmware/esx.conf using nano:
/boot/kernelAppend = "hda=ide-scsi"
2) Remove hda=ide-scsi from /etc/grub.conf using nano again:
nano /etc/grub.conf
3) Reboot the machine. That’s it!

Web access doesn’t work on new install or upgrade of ESX 3

You can run these commands:

esxcfg-vswitch -A serviceconsole vSwitch0

esxcfg-vswif -a -i 192.168.0.2 -n 255.255.255.0 -p serviceconsole vswif0

That should be it. The new interface is vswif0 rather than eth0.

This problem is common among upgrades that have 2 nics shared between the service console / vmkernel.

ESX VMkernel doesn’t load 0xbad0013

After the install process completes, on the first boot of the ESX system the following error messages appear:

VGA: 297: VGA start b8000 end c0000 mapped start c00b8000 char height 16
VGA: 397:
VGA: 425: 0
Console: switching to colour VMNIX-VGA 80x25
VGA: 465: 0
Console: switching to colour VGA+ 80x25
WARNING: Mod: 2434: Initialization of vmkernel failed, status 0xbad0013
Mod: 4406: Waiting for vmklogger to dump log buffer…
Warning: Mod: 4429: Dumping vmkernel log buffer (5162 bytes):

After the rest of the Service Console loads, it indicates a critical error and that the vmkernel didn’t load.

We’re running on an HP DL385 (dual Opteron at 2.6 GHz) running the VMware Starter edition off of an array.

Strange – the solution of the problem was just to put the DIMMs into the right place – the memory was placed incorrectly as we didn’t read the decals on the box. hehe…

Synchronizing with time server: [FAILED]

ntpd: Synchronizing with time server: [FAILED]
Starting ntpd: [ OK ]

When does it do the sync?

# Synchronize with servers if step-tickers exists
# or the -x option is used
echo -n $"$prog: Synchronizing with time server: "
/usr/sbin/ntpdate $dropstr -s -b -p 8 $tickers 2>/dev/null >/dev/null
RETVAL=$?
[ $RETVAL -eq 0 ] && success || failure

It does the sync when the /etc/ntp/step-tickers file is there.

[root@localhost ~]# cat /etc/ntp/step-tickers
time.vmware.com

Why would this happen? Strange stuff…

[root@localhost ~]# /etc/init.d/ntpd stop
Shutting down ntpd: [ OK ]
[root@localhost ~]# ntpdate time.vmware.com
28 Jun 10:49:44 ntpdate[25663]: step time server 10.16.12.148 offset 90.895171 sec

The ntpdate command doesn’t fail … wonder why…

tail /var/log/messages shows:
Jun 28 10:52:31 localhost ntpd: ntpd shutdown failed
Jun 28 10:52:31 localhost ntpdate[26038]: can't find host time.vmware.com
Jun 28 10:52:31 localhost ntpdate[26038]: no servers can be used, exiting
Jun 28 10:52:31 localhost ntpd: failed
Jun 28 10:52:31 localhost ntpd[26043]: ntpd [email protected] Wed Nov 17 15:43:55 EST 2004 (1)
Jun 28 10:52:32 localhost ntpd: ntpd startup succeeded

Can’t find host? Why’s that? Let’s try using the IP address instead of the name in the step-tickers file. Well, the IP address fixes it in Redhat Enterprise Linux 4, but I had this problem with ESX server (based on Redhat 7.2).

The problem was:
[root@localhost ~]# file /etc/ntp/step-tickers
/etc/ntp/step-tickers: ASCII text, with CRLF line terminators

The file was a DOS file. When the problem was in ESX, I was able to see the ^M character in /var/log/messages, so I was able to fix it after finding that. Fun stuff huh?
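
A check for the CRLF failure described above, as an added example that is not part of the original post: it detects CR line terminators in a step-tickers style file, makes them visible, and strips them while keeping a backup. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and remove DOS (CRLF) line endings in a host list
# such as /etc/ntp/step-tickers. Function names are illustrative.

CR=$(printf '\r')

# has_cr FILE: exit 0 if any line in FILE ends with a carriage return.
has_cr() {
    grep -q "${CR}\$" "$1"
}

# show_cr FILE: print FILE with each trailing CR made visible as ^M.
show_cr() {
    sed "s/${CR}\$/^M/" "$1"
}

# list_hosts FILE: print the host entries with CRs, comments,
# trailing blanks and empty lines removed.
list_hosts() {
    tr -d '\r' < "$1" | sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# fix_crlf FILE: strip CRs in place, keeping the original as FILE.bak.
fix_crlf() {
    has_cr "$1" || return 0
    cp -p "$1" "$1.bak" && tr -d '\r' < "$1.bak" > "$1"
}

# Demo on a constructed sample file (not the real step-tickers).
demo() {
    tmp=$(mktemp) || return 1
    printf 'time.vmware.com\r\n' > "$tmp"
    has_cr "$tmp" && echo "CRLF found:" && show_cr "$tmp"
    fix_crlf "$tmp"
    has_cr "$tmp" || echo "clean: $(list_hosts "$tmp")"
    rm -f "$tmp" "$tmp.bak"
}
demo
```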

Here are the steps to get ESX to act as an NIS client

Here are the steps to get ESX to act as an NIS client:

1) download & install ypbind / yptools packages from redhat 7.2

2) authconfig to modify server info

3) modified /etc/pam.d/sshd and vmware-authd file to use different modules – copying the system-auth to replace sshd/vmware-authd will work.

VMware – migrating virtual disk from GSX to ESX

Here are the steps for importing a GSX VM to ESX:

1) Here’s how to convert the vmdk file into 2gb chunks:

vmware-vdiskmanager -r sourceDisk.vmdk -t 0 targetDisk.vmdk

2) Share the folder of the new targetDisk with Windows.

3) Make temp directory and mount Windows shared folder on the ESX server:

a) mkdir /mnt/tempwindowsmountpoint

b) mount -t smbfs -o username //gsxserver/sharename /mnt/tempwindowsmountpoint

4) Import vmdk

vmkfstools -i /mnt/tempwindowsmountpoint/targetDisk.vmdk /vmfs/vmfs/newtargetDisk.vmdk

5) Create new VM in ESX and point to the newtargetDisk.vmdk

6) Start up new VM.

Regards,

Alton

Apache SSL Self-Signed Certificates Without Passphrase

taken from: http://www.rpatrick.com/tech/makecert/

Following is a quick listing of the commands you need when setting up an SSL key for Apache that doesn’t require a passphrase to be entered during normal operations, along with a self-signed certificate so you needn’t bother with cert requests and CAs. The sequence of events is to create an RSA key encrypted with 3DES, remove the passphrase, and then generate a self-signed certificate.

The following commands are to be entered via the command line, with each openssl statement requiring interactive input. Performed on Red Hat Linux, these instructions ought to also work on other flavors of Unix with OpenSSL and Apache installed.

openssl genrsa -des3 -out pass.key 1024
openssl rsa -in pass.key -out server.key
openssl req -new -key server.key -x509 -out server.crt -days 999

cp server.key /etc/httpd/conf/ssl.key/
cp server.crt /etc/httpd/conf/ssl.crt/

apachectl restart

Verifying that Apache has the correct SSL directives and is using the correct key and certificate created above is left as an exercise for the webmaster.
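
One way to do part of that verification, as an added example that is not from the original article: it checks that the certificate was generated from the private key, that the passphrase-less key file is not accessible to group or other, and reports the RSA key size. The function names and the 2048-bit MIN_BITS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for a passphrase-less Apache key and its
# self-signed certificate. Function names and MIN_BITS are illustrative.

MIN_BITS=2048   # assumed minimum RSA size; the article's commands use 1024

# RSA modulus (hex) of a private key; empty if unreadable or still encrypted.
key_modulus() {
    openssl rsa -in "$1" -passin pass: -noout -modulus 2>/dev/null | sed 's/^Modulus=//'
}

# RSA modulus (hex) of the public key inside a certificate.
cert_modulus() {
    openssl x509 -in "$1" -noout -modulus 2>/dev/null | sed 's/^Modulus=//'
}

# Exit 0 only if the certificate was made from this private key.
key_matches_cert() {
    k=$(key_modulus "$1"); c=$(cert_modulus "$2")
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Key size in bits, derived from the modulus length (4 bits per hex digit).
rsa_bits() {
    m=$(key_modulus "$1")
    if [ -n "$m" ]; then echo $(( ${#m} * 4 )); fi
}

# Exit 0 if group and other have no permissions on the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; returns non-zero on a mismatch or loose permissions.
check_pair() {
    key=$1; crt=$2; rc=0
    key_matches_cert "$key" "$crt" || { echo "FAIL: $crt does not match $key"; rc=1; }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group/other"; rc=1; }
    bits=$(rsa_bits "$key")
    [ "${bits:-0}" -ge "$MIN_BITS" ] || echo "WARN: RSA key is ${bits:-unknown} bits"
    return $rc
}

# Usage: sh check_pair.sh server.key server.crt
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```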

If your system has a Makefile or symlink in the Apache conf directory, you can opt to pursue an earlier method to this madness using the below steps (provided here only for completeness):

cd /etc/httpd/conf
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
make testcert

Optionally, if you need a server.pem file for a given application, such as courier-imapd, use the following to create the .pem file from the previously created certificate and key:

cat server.key server.crt >server.pem

Using the above method you can enjoy the encryption protection provided by SSL without having to pay a commercial vendor to sign your server keys. If you don’t like the popup presented by some applications (e.g. web browsers) about an untrusted certificate, simply follow the process provided by your application to import or install the certificate, at which point you will no longer have to deal with future dialog boxes regarding an untrusted site.