Differences

This shows you the differences between two versions of the page.

--- vmware [2014/11/24 01:14]
0.0.0.0 created
+++ vmware [2024/01/30 13:56] (current)
ben [Reset Eval license]
@@ Line 1: / Line 1: @@
 ====== VMware ======
-===== Installation Guides =====
+===== NUC =====
-  * [[VMware Server on Ubuntu]]
-The vmware-server-2 web interface can be rather annoying to use. fortunately, the VMware Infrastructure Client can be used to talk to vmware-server instead. The installer for this is actually provided with the vmware-server installation, but does not seem to be linked anywhere from the web interface. To get a copy for yourself, visit https://vmware.sihnon.net:8333/client\VMware-viclient.exe, where <tt>vmware.sihnon.net</tt> is the hostname of your machine.
+th gen nuc needs a customised install with either the net-community vib or the usbnic fling slipstreamed in.
-===== Troubleshooting VMware Server =====
+  * Instructions for building a slipstreamed install USB stick: [[https://www.virten.net/2020/04/how-to-add-the-usb-nic-fling-to-esxi-7-0-base-image/]]
-==== Host Agent Service won't start ====
+  * usbnic fling (used by usb-c dock): [[https://flings.vmware.com/usb-network-native-driver-for-esxi]]
-If the vmware host agent service wont start on Vista and issues the error:
+  * net-community drivers (needed for nuc8 onboard nic): [[https://flings.vmware.com/community-networking-driver-for-esxi]]
- The VMware Host Agent service terminated with service-specific error 4294967295 (0xFFFFFFFF).
+===== vCenter =====
-Then it is highly likely that the file <tt>c:\ProgramData\VMware\VMware Server\hostd\datastores.xml</tt> file has become corrupt. Check and remove it, then copy the datastores.xml.original file in its place and the service should start up.
+==== OIDC SSO authentication via KeyCloak ====
-==== "host clock rate change request" Messages in Syslog ====
+Officially vCenter 7 adds support for OIDC for ADFS only, however with some tweaks, it can be made to work using KeyCloak instead.
-On Ubuntu, edit the syslog configuration, <tt>/etc/syslog.conf</tt>>
- # Replace this...
+  * Ensure KeyCloak docker container is running with env vars <code bash>
- *.*;auth,authpriv.none     -/var/log/syslog
+JAVA_OPTS_APPEND = "-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled"
- # ... with this
+</code>
- *.*;auth,authpriv.none;kern.!=debug     -/var/log/syslog
+  * Add a client with ID ''vmware''
+  * Ensure enabled, standard flow and direct access grants are enabled
+  * For the Root URL, Admin URL, Web Origins, use ''https://vcenter.fqdn''
+  * For Valid Redirect URIs use ''https://vcenter.fqdn/ui/login/oauth2/authcode'' or ''https://vcenter.fqdn/*''
+  *
+  * For backchannel logout URL use ''https://vcenter.fqdn/ui/login'' and enable Backchannel logout session required
+  * Set Client Protocol to ''openid-connect'' and Access Type to ''confidential''
+  * On the Credentials tab, make a note of the secret
+  * On the mappers tab:
+    * Add a hardcoded claim for claim ''domain'', with the value matching the vmware SSO domain that will be used (e.g. the bit after the @ sign of the username, in my case ''sihnon.net'')
+    * Add a script mapper named ''nameid'' with value: <code javascript>
+token.setSubject(user.getUsername());
+</code> This sets the ''sub'' claim in the JWT to be the plain username, as opposed to the internal keycloak user UUID which is the default. Without this, vcenter can't match to a user from LDAP
+  * Under Realm Settings -> Endpoints, right click ''OpenID Endpoint Configuration'' and copy the URL
-Alternatively, add <tt>;kern.!=debug</tt> to the end of the first half of the line. This will remove kernel debug messages from syslog.
+Under vCenter -> Administration -> Single Sign On -> Configuration
+  * Click ''Change identity provider'' and select ''ADFS''
+  * Under Client Identifier, enter ''vmware'', or the value picked for client ID in keycloak
+  * Under shared secret, enter the secret noted earlier
+  * Under OpenID address, paste the URL noted earlier
+  * Fill in the LDAP details when prompted. Be sure to upload the root CA certificate (needed even for LetsEncrypt certs)
-==== "You do not have permissions to login to the server" ====
+If there are certificate errors, try also adding the LetsEncrypt root cert under vCenter -> Administration -> Certificates -> Certificate Management. If this view does not render in chrome, try firefox, or logging in with ''Administrator@vsphere.local''
-Only members of the vmware admin group may log into vmware. This user is set by the <tt>vmware-config</tt> script at install time, and defaults to <tt>vmware</tt> on gentoo. Ensure that your user appears in this group with:
-{{Command|<source lang="bash">
-getent group vmware
-</source>}}
-===== Troubleshooting VMware Server Console =====
+====== Reset Eval license ======
-==== Incorrect keyboard map ====
-If certain keys such as the arrow keys and page up/down don't work, then vmware console has picked up the wrong keyboard map. To fix it, run the following command, and restart the console:
-{{Command|<source lang="bash">
-echo "xkeymap.nokeycodeMap = true" >> ~/.vmware/config
-</source>}}
-===== See Also =====
+https://marte-it.at/en/reset-esxi-evaluation-license/
-  * http://www.travisjbailey.com:81/weblog/index.php?itemid=882 - Original article for the datastore corruption fix
-  * http://www.linuxscrew.com/2008/12/19/vmware-server-console-keyboard-problem-in-ubuntu-intrepid-ibex/ - Original article for the console keyboard fix
+  * Start the SSH service on the ESXi host
+  * Start a SSH connection with a SSH client (e.g. PuTTY)
+  * Delete the current license: <code bash>
+rm -r /etc/vmware/license.cfg
+</code>
+  * Copy the new license: <code bash>
+cp /etc/vmware/.#license.cfg /etc/vmware/license.cfg
+</code>
+  * Restart the VPXA service: <code bash>
+/etc/init.d/vpxa restart
+</code>

Sihnon wiki

User Tools

Site Tools

Differences

Page Tools