vmware

Differences

This shows you the differences between two versions of the page.

vmware [2014/11/24 02:11]
ben
vmware [2021/11/25 21:29]
ben
Line 1: Line 1:
 ====== VMware ====== ====== VMware ======
  
-===== Installation Guides ===== +===== vCenter =====
-  * [[VMware Server on Ubuntu]]+
  
-The vmware-server-2 web interface can be rather annoying to use. fortunately, the VMware Infrastructure Client can be used to talk to vmware-server instead. The installer for this is actually provided with the vmware-server installation, but does not seem to be linked anywhere from the web interface. To get a copy for yourself, visit https://vmware.sihnon.net:8333/client\VMware-viclient.exe, where ''vmware.sihnon.net'' is the hostname of your machine.+==== OIDC SSO authentication via KeyCloak ====
  
-===== Troubleshooting VMware Server ===== +Officially vCenter 7 adds support for OIDC for ADFS only, however with some tweaks, it can be made to work using KeyCloak instead.
-==== Host Agent Service won't start ==== +
-If the vmware host agent service wont start on Vista and issues the error:+
  
- The VMware Host Agent service terminated with service-specific error 4294967295 (0xFFFFFFFF).+  * Ensure KeyCloak docker container is running with env vars <code bash> 
 +JAVA_OPTS_APPEND = "-Dkeycloak.profile.feature.scripts=enabled -Dkeycloak.profile.feature.upload_scripts=enabled" 
 +</code> 
 +  * Add a client with ID ''vmware'' 
 +  * Ensure enabled, standard flow and direct access grants are enabled 
 +  * For the Root URL, Admin URL, Web Origins, use ''https://vcenter.fqdn'' 
 +  * For Valid Redirect URIs use ''https://vcenter.fqdn/ui/login/oauth2/authcode'' or ''https://vcenter.fqdn/*'' 
 +  *  
 +  * For backchannel logout URL use ''https://vcenter.fqdn/ui/login'' and enable Backchannel logout session required 
 +  * Set Client Protocol to ''openid-connect'' and Access Type to ''confidential'' 
 +  * On the Credentials tab, make a note of the secret 
 +  * On the mappers tab: 
 +    * Add a hardcoded claim for claim ''domain'', with the value matching the vmware SSO domain that will be used (e.g. the bit after the @ sign of the username, in my case ''sihnon.net'') 
 +    * Add a script mapper named ''nameid'' with value: <code javascript> 
 +token.setSubject(user.getUsername()); 
 +</code> This sets the ''sub'' claim in the JWT to be the plain username, as opposed to the internal keycloak user UUID which is the default. Without this, vcenter can't match to a user from LDAP 
 +  * Under Realm Settings -> Endpoints, right click ''OpenID Endpoint Configuration'' and copy the URL
  
-Then it is highly likely that the file ''c:\ProgramData\VMware\VMware Server\hostd\datastores.xml'' file has become corrupt. Check and remove itthen copy the datastores.xml.original file in its place and the service should start up.+Under vCenter -> Administration -> Single Sign On -> Configuration 
 +  * Click ''Change identity provider'' and select ''ADFS'' 
 +  * Under Client Identifier, enter ''vmware''or the value picked for client ID in keycloak 
 +  * Under shared secret, enter the secret noted earlier 
 +  * Under OpenID address, paste the URL noted earlier 
 +  * Fill in the LDAP details when promptedBe sure to upload the root CA certificate (needed even for LetsEncrypt certs)
  
-==== "host clock rate change request" Messages in Syslog ==== +If there are certificate errorstry also adding the LetsEncrypt root cert under vCenter -Administration -> Certificates -> Certificate ManagementIf this view does not render in chrometry firefoxor logging in with ''Administrator@vsphere.local''
-On Ubuntuedit the syslog configuration, ''/etc/syslog.conf''> +
- +
- # Replace this... +
- *.*;auth,authpriv.none     -/var/log/syslog +
- # ... with this +
- *.*;auth,authpriv.none;kern.!=debug     -/var/log/syslog +
- +
-Alternativelyadd '';kern.!=debug'' to the end of the first half of the line. This will remove kernel debug messages from syslog. +
- +
-==== "You do not have permissions to login to the server" ==== +
-Only members of the vmware admin group may log into vmware. This user is set by the ''vmware-config'' script at install time, and defaults to ''vmware'' on gentoo. Ensure that your user appears in this group with: +
-{{Command|<code bash> +
-getent group vmware +
-</code>}} +
- +
-===== Troubleshooting VMware Server Console ===== +
-==== Incorrect keyboard map ==== +
-If certain keys such as the arrow keys and page up/down don't work, then vmware console has picked up the wrong keyboard map. To fix it, run the following command, and restart the console: +
-{{Command|<code bash> +
-echo "xkeymap.nokeycodeMap = true" >> ~/.vmware/config +
-</code>}} +
- +
-===== See Also ===== +
-  * http://www.travisjbailey.com:81/weblog/index.php?itemid=882 - Original article for the datastore corruption fix +
-  * http://www.linuxscrew.com/2008/12/19/vmware-server-console-keyboard-problem-in-ubuntu-intrepid-ibex/ - Original article for the console keyboard fix+
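Review bot: The Valid Redirect URIs step in the added KeyCloak client list offers "https://vcenter.fqdn/*" as an alternative to the exact callback. A wildcard makes every path on that host an acceptable redirect target for authorization codes, so the guide should list only "https://vcenter.fqdn/ui/login/oauth2/authcode". The same list enables direct access grants next to standard flow without saying what depends on it; since the redirect URI is an authcode callback, either state why the password grant is needed or drop it from the step. The JAVA_OPTS_APPEND line turns on both the scripts and upload_scripts features for a single one-line mapper, so it is worth noting in the text that this is what the script mapper requires and that nothing else should rely on it. The empty bullet between the redirect URI and backchannel logout steps looks like a leftover and can be removed. The change also deletes every VMware Server section and the See Also links; if that material is obsolete, say so in the edit summary or move it to an archive page rather than dropping it silently.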
vmware.txt · Last modified: 2024/01/30 13:56 by ben