Yellow Bricks

Two new pdf’s!

Duncan Epping · Aug 16, 2008 ·

There are two new pdf’s online…

Management and Automation Products: Deployment Approaches and Considerations:
VMware Management and Automation products provide datacenter automation solutions in IT service delivery and business continuity. These products can be deployed across a shared VMware Infrastructure platform. This paper presents technical guidance and considerations when deploying these products together on a shared VI platform. [Link]

Timekeeping in VMware Virtual Machines:
This paper describes how timekeeping hardware works in physical machines, how typical guest operating systems use this hardware to keep time, and how VMware products virtualize the hardware. [Link]

I’ve never seen this before. I wrote an article about root SSH access to a ESXi system. Today I noticed a blog entry that describes how you can disable root access for SSH and create users which can use “su” to become root! Cool stuff.

Check the article here! Here’s the procedure:

Log in to the console,
edit the inetd.conf:

vi /etc/inetd.conf

search for the following line (type: “/ssh”) (This is the line you uncommented to enable SSH in the first place.)

ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i

add -w to the end of this line: (type: “i” for insert mode):

ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i -w

Exit and save the file (press escape, type “: x”)
Create a /home directory

mkdir /home

Create a new unprivileged user:

useradd your_name

Change the password for this user:

passwd your_name

Reboot the server

reboot

Once rebooted,
Log in with SSH using your new unprivileged user
Use

su –

to change to the root user.
Tested on:
VMware ESXi 3.5.0_Update_2-103909

Practical guide to Business Continuity and Disaster Recovery

Duncan Epping · Aug 13, 2008 ·

VMware released a 232 page PDF titled “A Practical Guide to Business Continuity & Disaster Recovery with VMware Infrastructure”

This VMware® VMbook focuses on business continuity and disaster recovery (BCDR) and is intended to guide the reader through the step-by-step process to set-up a multisite VMware Infrastructure that is capable of supporting BCDR services for designated virtual machines at time of test or during an actual event that necessitated the declaration of a disaster, resulting in the activation of services in a designated BCDR site.

Be sure to pick up this one and read it, it contains a lot of valuable information for every single one of you out there!

VirtualCenter 2.0.2 Update 5

Duncan Epping · Aug 13, 2008 ·

Besides ESX 3.0.3 also a new VC version has been releaded! I did not notice this one yet.

Security Issues

Updates the Apache Tomcat Server
This release of VirtualCenter Server updates the Tomcat server package from 5.5.25 to 5.5.26, to address multiple security issues that existed in the earlier releases of Tomcat server.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, and CVE-2007-6286 to these issues.
For more information, refer to the Apache Tomcat 5.x Vulnerabilities page.

Updates the JRE Package
This release of VirtualCenter Server updates the JRE package from 1.5.0_12 to 1.5.0_15, to address multiple security issues that existed in the earlier releases of JRE.
For more information about security issues fixed in JRE package version 1.5.0_15 and in earlier versions, refer http://java.sun.com/j2se/1.5.0/ReleaseNotes.html.
The following advisories by Secunia list the CVE identifiers related to the fixed security issues in JRE 1.5.0_13, JRE 1.5.0_14, and JRE 1.5.0_15:

http://secunia.com/advisories/ 27009

http://secunia.com/advisories/ 27320

http://secunia.com/advisories/ 28795

http://secunia.com/advisories/ 29239

Note: These vulnerabilities can be exploited remotely only if the attacker has access to the service console network. Security best practices provided by VMware recommend that the service console be isolated from the virtual machine network. For more information on VMware security best practices, refer www.vmware.com/resources/techresources/726.

VirtualCenter Server Users Without the Modify Permission Privilege Can No Longer View User Name Details of Other System Users
Starting with this VirtualCenter Server release, only users with the Modify Permission privilege can view details of other system users. When users with read-only or similar roles attempt to assign permissions to other system users, user name details of other system users are not displayed, instead, a message similar to the following appears:
Permissions to perform this operation was denied.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2008-3514 to this issue.

Virtual Machine Management Issues

e1000 Is the Default Network Adapter Driver for Windows Vista Ultimate 32-Bit Guest Operating Systems
Starting with this release, the Windows Vista Ultimate 32-bit guest operating systems correctly detects the e1000 driver as the default network adapter driver, instead of the vlance driver.

Multiple Virtual Machines Can Be Scheduled to Power On Simultaneously
This release fixes an issue where multiple tasks that are scheduled to power on virtual machines at the same time might result in one of the following:

The scheduled tasks might fail, with log entries similar to the following in the vpxd.log file:
[2008-02-25 03:35:04.185 'App' 6708 verbose] [VpxdMoEventManager] Event[12597]: Task <virtualmachine _name>_PowerON on <virtualmachine _name> in Data Center failed: The request refers to an unexpected or unknown type.

The VirtualCenter Server might stop responding, with log entries similar to the following in the vpxd.log file:
Exception: Not reached! [2008-02-26 03:35:03.260 'App' 4848 error] Backtrace: backtrace[00] eip 0x016dc006 Ordinal788 backtrace[01] eip 0x0167248a Ordinal400….

VirtualCenter Server Accepts Suffix Less Domain Entries When Updating the DNS Configuration of an ESX Server Host
This release fixes an issue where, when updating the DNS configuration of an ESX Server host, the VirtualCenter Server fails to accept valid host domain names that do not have suffixes, and displays an error message similar to the following:
The Domain name is not in the correct format

Viewing the Event Tab Page No Longer Causes the Japanese Version of VirtualCenter Server to Stop Responding
This release fixes an issue where, if an event that writes multi-byte characters to the ARG_DATA column of VPX_EVENT_ARG database table, such as accessing the console of a virtual machine, is followed by viewing the Event tab page, the Japanese version of the VirtualCenter Server might stop responding. Entries similar to the following are logged in the vpxd.log file:
[2008-03-05 17:12:18.161 'App' 5012 verbose] [VdbStatement]Executing SQL: SELECT EVENT_ID, ARG_ID, ARG_TYPE, ARG_DATA, OBJ_TYPE, OBJ_NAME, VM_ID, HOST_ID, COMPUTERESOURCE_ID, DATACENTER_ID, RESOURCEPOOL_ID, FOLDER_ID, ALARM_ID, SCHEDULEDTASK_ID FROM VPX_EVENT_ARG WHERE (EVENT_ID IN (?,?,?,?..........) [2008-03-05 17:12:18.302 'App' 5012 error] An unrecoverable problem has occurred, stopping the VMware VirtualCenter service. Check database connectivity before restarting. Error: Error[VdbODBCError] (-1) ODBC error: () - [2008-03-05 17:12:18.302 'App' 5012 verbose] Backtrace:

Installation Issues

VirtualCenter Server No Longer Fails to Start When Japanese Version of VirtualCenter 2.0.2 Update 2 is Upgraded
The VirtualCenter Server might fail to start when the Japanese version of VirtualCenter 2.0.2 Update 2 is upgraded to VirtualCenter 2.0.2 Update 3, or VirtualCenter 2.0.2 Update 4, with entries similar to the following in the vpxd.log log file:
[2008-05-07 15:56:59.953 'App' 5840 error] [VpxdVdb] Database version value 'VirtualCenter Database 2.0.2u1' is incompatible with this release of VirtualCenter. [2008-05-07 15:56:59.953 'App' 5840 error] Failed to initialize VMware VirtualCenter. Shutting down...
This release fixes the issue. The VirtualCenter Server is capable of starting, when the Japanese version of VirtualCenter 2.0.2 Update 2 is upgraded to VirtualCenter 2.0.2 Update 5.

Starting VM’s problem with 3.5 U2

Duncan Epping · Aug 12, 2008 ·

As everyone probably already knows by now there’s a problem with 3.5 U2. VMware is working on a patch as we speak. There has been a KB article released, but it seems like everyone is clicking on the same link at the same moment cause it’s hard to get a decent respond.

The error message that appears:

This product has expired. Be sure that your host machine’s date and time are set correctly.
There is a more recent version available at the VMware web site: http://www.vmware.com/info?id=4.
————–
Module License Power on failed

In short, the workaround is simple just set the date back and you will be able to power on the VM’s again, it would be smart to set the time to correct value again as soon as you started the VM. As soon as I know more about the new 3.5 U2 update I’ll let you guys know!

And a nice work around from the VMTN forum:

Find the host where a VM is located
run ‘ vmware-cmd -l ‘ to list the vms.
issue the commands:
service ntpd stop
date -s 08/01/2008
vmware-cmd /vmfs/volumes/vm path/vmname.vmx start
service ntpd start