Blog

Proxmox is a really simple virtualization platform that nonetheless lets you do a great many things without hassle. However, monitoring Proxmox with LibreNMS requires a number of steps that are sometimes not fully documented, or that require consulting too many different pieces of documentation, to get “tip-top” supervision. Here I will list all the changes to make to your host machines to get as much information as possible through LibreNMS.

Who has never had their firewall scanned by someone looking for SSH access? In my case, I absolutely must use the standard port (22) to connect; otherwise, the firewalls of the firms I work for will not let me through. As a result, “scans” rain down from everywhere: Asia, Russia, Germany (often coming from badly configured machines at Hetzner, for example) and Africa. To limit the size of my logs on my small APU 2C4, I installed OPNsense (a free, open-source firewall developed by Deciso B.V.) and set up “GeoIP” filtering. By creating an alias of type “GeoIP”, you can select the zones you accept, based on a “community” list. There may be errors, but in tests carried out over a few hours, none of the IPs geolocated in Belgium, France, Luxembourg and the Netherlands…


This is an example of how to move a virtual machine in yavijava:

 

 

UCS Performance Manager is another “wonderful” product of Cisco for monitoring your physical and virtual infrastructure. Requirements: 8 vCPUs and 40 GB of memory. The upgrade should be easy, but it’s not. My upgrade process was stuck because the zenmail process was blocked in running mode. To be able to upgrade, I had to open 2 shell sessions: 1 with the upgrade process and 1 with the root shell. During the process, I took a quick look at /mnt/cdrom/update-zenoss.sh.

The script was hanging every time: it had to stop all services with the serviced daemon. After a quick look, the interesting line was:

serviced service status --show-fields 'Status' 2>/dev/null | grep -v "Stopped" | grep -v "Status" | grep -v ^[[:space:]]*$

During 60 retries, the result was “Running”, but to go further, it should be “Stopped”. One service was still running every time: zenmail. To stop the zenmail process:

Select the serviceID and execute the following command:

serviced service stop 6bnlfl5qzog18j4mrnxszllyx

Then wait till the end of the…


Instead of managing passwords locally, it’s time to use LDAP/Active Directory to manage users without restarting the Prime Service Catalog. This modification has been done on a custom installation of Cisco Prime Service Catalog 11.1.1 Patch 3 and should be compatible with 11.2 (future version) as well. First, make a backup of your configuration directory (in our environment, we use git with GitLab Community Edition to keep a history of all our modifications). Location: /opt/cisco-psc/wildfly-8.2.0.Final/ServiceCatalogServer/configuration. File to edit: standalone-full.xml. Edit the section security-realm and change the subsection ManagementRealm like this:

Edit the section security-domains and add a subsection security-domain like this:

Then add a file AD_GroupsMapping.properties containing the mapping between a specific user group and the management group in WildFly, like this:

Then restart the Service Catalog with systemctl restart servicecatalog and you should be able to log in with a user defined on your LDAP/Active Directory server.

In the file “inframgr.env”, located in “/opt/infra/bin/”:

In the variable ORDERED_JARS, add the paths of all your libraries. In this example, we added the Jersey Client libraries:

Save the file and then call /opt/shelladmin

Stop Services and Start Services. Wait until the “cloud page” has disappeared.

Have a look at /opt/CiscoPrimeServiceCatalog and, in the directory bin, open the file setEnv.sh. You should have something like this:

Then change the variable JAVA_HOME to the new path of your Java JRE. Tip: use the command update-alternatives --display java

Take the value following the Current ‘best’ version: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre

How to get the Virtual Machine Identity (vmId) from the virtual machine's name. Create a custom task with this code:

Inputs: VMname (virtual machine name, as a string) and accountName (vCenter account name in UCS Director). Outputs: vmId (Virtual Machine Identity for UCS Director).

Cloupia script is THE scripting language of Cisco UCS Director. Cloupia is a mix of JavaScript and Java. The code is interpreted by Nashorn (the JavaScript engine from the JRE/JDK).

importPackage plays the same role as import in pure Java code. import java.lang.* in Java becomes importPackage(java.lang); in Cloupia.
