Category Archives: Linux

Issues with Mounting a CIFS Share on the vRO Appliance

This article on the vCOTeam site details how to mount a CIFS share on the vRO Appliance so that workflows can write files directly to a Windows File Share rather than using another process to copy the file over there.

This was straightforward to implement in a lab scenario, however within a corporate environment with more restrictions around security and networking it can potentially be more of a challenge. Specifically we encountered the following error response from a Windows Server seemingly configured correctly for Share and NTFS permssions on the folder to mount:

Status code returned 0xc0000022 NT_STATUS_ACCESS_DENIED
CIFS VFS: Send error in SessSetup = -13
CIFS VFS: cifs_mount failed w/return code = -13

This post on a Centos forum helped us track down the problem, i.e. there was at least one Group Policy restricting the use of NTLM.

“It turned out in my case to be a Group policy which was set to Send NTLMv2 responses only. Refuse LM and NTLM. I changed this to Send LM & NTLM -use NTLMv2 session security if negotiated.

Located at: Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options. The policy is called: Network Security: Lan Manager authentication level.”

In our case there were also other NTLM policies that needed to be considered, so worth checking any of these:

Also worth checking the policy: Microsoft network server: Digitally sign communications (always):

It is also possible to use different security settings within the /etc/fstab file on the vRO appliance, eventually we settled on sec=ntlmssp, however I believe the following are also possibilities: sec=ntlm, sec=ntlmv2, sec=ker5 and sec=ker5i

You may also want to consider using a credentials file rather than the username=xxx,password=xxxx in the /etc/fstab file if you want to get this past your security person 😉

PowervRA – Now available on OS X and Linux via PowerShell Core!

Back Story

For a while Craig and I have had a number of requests regarding offering OS X and Linux support to PowervRA, particularly since in case you weren’t aware PowerShell is now available on those OSs and 3rd party modules such as PowerCLI are heading towards supporting that. We first looked at offering this support for PowervRA when the first Alpha release of PowerShell Core was shipped, however we were blocked by a couple of issues, particularly this one regarding certificate checking.

However, back in December I read about how the guys who maintain PowerNSX had been able to offer PowerShell Core support and they had also been blocked by that same issue which has now been resolved. So we updated to PowerShell Core Alpha 14 and started testing again – it seemed that another blocking issue around JSON responses had also been resolved, so things were looking good.

As it turned out, there weren’t a significantly large amount of changes which actually needed to be made on our side – some changes to the Connect-vRAServer and Invoke-vRARestMethod functions to do different things depending on whether PowerShell Core is being used. The scale of community feedback to the alpha releases of PowerShell Core and the efforts of the PowerShell team at Microsoft look like they have had a great impact and covered off a lot of the issues we might have had and the feedback has been quickly taken into subsequent alpha releases.

We benefited from the fact that we have previously invested quality time in producing integration tests for PowervRA, consequently we were able to run the same tests using a PowerShell Core client and only ended up with a couple of bugs that we are currently unable to resolve (here and here) , but looks like at least one of them is scheduled to be fixed for us via a milestone of PowerShell Core beta.

So in release 2.0.0 of PowervRA we are very pleased to bring you support for PowerShell Core!

Requirements

You will need:

PowerShell Core Alpha 14 + ….instructions on getting it installed for different OS flavours can be found here.

PowervRA 2.0.0 + . Get a copy of PowervRA onto the Linux  or OS X machine you want to run it from. Use the following to download it  from the PowerShell Gallery:

or manually copy the module yourself to one of the locations listed in $env:PSModulePath, for example:

In Action

OS X

Here’s PowervRA on my Macbook:

Connect to vRA

Retrieve Blueprint Details

Update a Reservation Policy

Ubuntu 16.04

Here’s PowervRA on Ubuntu 16.04:

Connect to vRA

Retrieve Business Group Details

Update a Network Profile

 

Docker

Craig has done some cool work to make PowervRA available via Docker. Check out his blog post for more details.

Also, many thanks to Alan Renouf for suggesting PowervRA now be made available hosted in the PowerCLI Core Docker Hub too.

Side Note

In PowervRA 2.0.0 we have also made some under the hood changes that it is worth being aware of (check the changelog for more details):

  • Module Restructure Part 1: we changed the functions from being their own individual nested modules in *.psm1 files to more simply being in *.ps1 files and made part of the module in a different way. This was a way I had historically put my modules together, but now have spent some time improving on it to a better way.
  • Module Restructure Part 2:  a number of functions had been marked in recent releases as deprecated, they have now been removed.
  • Module Restructure Part 3: we had previously started moving the functions into folders based on their API endpoint, this is now complete across all of the functions:

Issues

We believe we have covered off most issues with using PowervRA on PowerShell Core via our testing process, but if you do experience anything we have missed then please let us know here.

We are aware of one issue with running PowervRA on CentOS, which appears to be something not just relevant for us and should get fixed upstream in .Net Core.

Summary

We’re really pleased to be able to bring this support to PowervRA and much kudos to the PowerShell team and the wider community for making it both possible and relatively straightforward. We hope you find it useful given we know a significant part of our potentially user base are OS X users.

Also stay tuned because we are not stopping there. There is other planned new PowervRA functionality on the horizon ……

Setting up a Minecraft Spigot Server in Windows Azure

I needed to setup a Minecraft server so that one of my kids could play online against a friend who had moved to another continent and they wanted a few different ways to stay in touch. Since one half of the friendship doesn’t have Xbox Live, but both have the PC / Mac version I figured I could sort out a hosted server for them to play on. There are plenty of places around that will host one for you for a small fee, but since I had some monthly Windows Azure credits via my MSDN subscription I figured I’d have a go setting up my own one and see how that went.

Initially I looked at deploying a pre-packaged Minecraft server from the Azure Marketplace, but the first two attempts failed to deploy so I looked at other possible options.

Minecraft01It seemed a popular choice when people were setting up their own was a Spigot version, partly because it looks like there are loads of different plugins which can be added at a later date. So I went down that route.

Deploying an Ubuntu VM

From the Azure portal I selected to deploy a new VM from the Gallery:

Minecraft02

Then picked the latest version of Ubuntu available in there:

Minecraft03

Fill out the Virtual Machine configuration dialogue. Note: to use SSH key authentication you need to supply an X.509 certificate.

Minecraft04

Enter some more configuration details on the next page, including which datacenter region to host the VM in. Also be sure to add an additional port as an endpoint to include that which the Minecraft game needs, 25565.

Minecraft05

On the last page, check you are happy with the selections and then tick to go!

Minecraft06

Sit back in comfort and wait for the VM to deploy:

Minecraft07

 

Once complete, you’ll have a nice VM ready for you:

Minecraft08

 

I hadn’t used Azure before and found it to be quite a nice experience overall.

Install Java

Connect with SSH to the VM and check whether Java is installed:

Minecraft09

Install Java:


sudo apt-get install openjdk-7-jre-headless

then confirm it is installed:


java -version

Minecraft10

Install Minecraft Spigot

*Full details can be found here*

Make a directory for downloading the Spigot build tools to and download the file:


sudo mkdir -p /opt/Minecraft/build

cd /opt/Minecraft/build/

sudo wget https://hub.spigotmc.org/jenkins/job/BuildTools/lastSuccessfulBuild/artifact/target/BuildTools.jar

Run BuildTools.jar from the terminal – this took about 10+ mins for me:


sudo git config --global --unset core.autocrlf

sudo java -jar BuildTools.jar

Minecraft11

 

Eventually you should get something like this for a successful completion:

Minecraft12

Create a new directory to host the compiled jar file and copy it there:


sudo mkdir /opt/Minecraft/play

sudo cp /opt/Minecraft/build/spigot-1.8.7.jar /opt/Minecraft/play/spigot.jar

Create a new startup script (start.sh) in the directory to launch the the JAR:


sudo vi /opt/Minecraft/play/start.sh

paste the following code into the start.sh file:


#!/bin/sh

java -Xms512M -Xmx1024M -XX:MaxPermSize=128M -jar spigot.jar

Add run capabilities to the start.sh script. Run the start.sh script to start the initial run of the server, you’ll be prompted that the EULA needs agreeing to:


sudo chmod +x start.sh

sudo ./start.sh

Minecraft13

Edit eula.txt and set eula=true


sudo vi eula.txt

Minecraft14

 

Run the startup script again and this time the server will start fully:


sudo ./start.sh

Minecraft15

Typing help at this point will give a list of commands that can be used interactively. You can also set the configuration of the game by issuing a stop then editing the server.properties file.

Minecraft16

Now would be a good time to test you have set things up correctly. Fire up the Minecraft game and head into Multiplayer. Add a server and enter the details:

Minecraft18

Once complete, the server should appear as available to connect to:

Minecraft19

Oh no, it’s night time already!

Minecraft20

Run Spigot as a service

Now all we need to do is run the Spigot server as a service, rather than interactively, otherwise the game dies when we drop the SSH session.

(Note: I expect there is a better way to do this than what I came up with, but I’m by no means a Linux expert, so feel free to leave a comment if you have a better way)

Create a minecraft.service file


sudo vi /etc/systemd/system/minecraft.service

Paste the following into that file:


[Unit]
Description=Minecraft Server
[Service]
WorkingDirectory=/opt/Minecraft/play
ExecStart=/opt/Minecraft/play/start.sh
[Install]
WantedBy=multi-user.target

Start the service and check the status:


sudo systemctl start minecraft.service

sudo systemctl status minecraft.service

All being well you should see the service begin to start up:

Minecraft21

 

 

Using SSH to Access Linux Servers in PowerShell

A question I’ve fielded now and again in the past, “Can I use PowerShell to access Linux servers?”. Among others, there were a few answers I could give of varying degrees of usefulness depending on the requirements:

I was recently asked this again at my current workplace and discovered a project I hadn’t seen previously, a PowerShell module based on the SSH.NET library.

Once you have downloaded and imported the module, check out what is available:


Get-Command -Module SSH-Sessions

SSH1

To work with a Linux server, first of all you need to establish a session to the server with New-SshSession (I think this cmdlet would benefit from a Credential parameter):


New-SshSession -ComputerName PuppetVM -Username root -Password puppet

SSH2

Examine our connected sessions:


Get-SshSession | Format-Table -AutoSize

SSH3

 

It’s possible to now enter an interactive session with this VM and run some commands, for example to look at the OS and disk space:


Enter-SshSession -ComputerName PuppetVM

cat /proc/version

df -h

exit

SSH4

 

Similar to Invoke-Command in Windows you can use Invoke-SshCommand to send commands to an established session and receive results back (Note: you can use the -Quiet parameter if you don’t wish to see the display on screen):


$Query = Invoke-SshCommand -ComputerName PuppetVM -Command "ls /root"

SSH5

We can now work with these results from the $Query variable. What we get back looks like multiple strings, but is actually an object with a (long) single string


$Query.GetType()

$Query.Count

$Query[0].GetType()

SSH6

However, we can work with these a bit easier, should we need to, by breaking them up into individual strings:


$Strings = $Query[0] -split "`n"

$Strings

$Strings.Count

SSH7a

So far I’ve found this module pretty useful. There are few drawbacks I’ve found so far, including some limitations with ESXi 5.0 and above which are mentioned on the web page, but I hope this project will continue to be updated further.