ESXi introduces a brand-new, service-oriented firewall (not based on iptables).
It can be managed from the GUI or the CLI. New rules can also be added when necessary by creating XML files.
Demo:
# grep firewall /etc/vmware/esx.conf
# more /var/log/esxcli.log
# esxcli network firewall get
# esxcli network firewall ruleset list
# vi /etc/vmware/firewall/fake-ftp.xml
<configroot>
  <service>
    <id>fake-ftp</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <port>21</port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>
</configroot>
# esxcli network firewall refresh
# esxcli network firewall ruleset list
# esxcli network firewall ruleset rule list | grep fake-ftp
Note:
If you prefer to edit the default file, back it up first and set the sticky bit on it. Mode 1777 sets the sticky bit but also leaves the file writable by every user.
# chmod 1777 service.xml
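Added example (not part of the original post and not VMware tooling): a Python check that can be run over a custom ruleset file such as fake-ftp.xml before running esxcli network firewall refresh. It validates only the elements shown in the demo above; the accepted values, the finding messages and the second sample service are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed input: the page's fake-ftp ruleset, then a deliberately bad service.
SAMPLE = """<configroot>
<service><id>fake-ftp</id><enabled>false</enabled><required>false</required>
 <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol><port>21</port></rule></service>
<service><id>bad-svc</id><enabled>true</enabled>
 <rule id='0000'><direction>in</direction><protocol>tcp</protocol><port>70000</port></rule>
 <rule id='0000'><direction>inbound</direction><protocol>tcp</protocol><port>8080</port></rule></service>
</configroot>"""

# Accepted values are assumptions of this example, not VMware's published schema.
DIRECTIONS, PROTOCOLS, BOOLEANS = {"inbound", "outbound"}, {"tcp", "udp"}, {"true", "false"}

def text(node, tag):
    """Stripped text of a child element, or None when absent or empty."""
    child = node.find(tag)
    return child.text.strip() if child is not None and child.text else None

def audit_ruleset(xml_source):
    """Return a list of findings for every <service> in a ruleset document."""
    try:
        root = ET.fromstring(xml_source)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    for service in root.iter("service"):
        sid = text(service, "id") or "<no id>"
        for flag in ("enabled", "required"):
            if text(service, flag) not in BOOLEANS:
                findings.append(f"{sid}: <{flag}> must be true or false")
        seen = set()
        for rule in service.findall("rule"):
            where = f"{sid}/{rule.get('id', '<no id>')}"
            if where in seen:
                findings.append(f"{where}: duplicate rule id")
            seen.add(where)
            direction, port = text(rule, "direction"), text(rule, "port") or ""
            if direction not in DIRECTIONS:
                findings.append(f"{where}: bad <direction> {direction!r}")
            if text(rule, "protocol") not in PROTOCOLS:
                findings.append(f"{where}: bad <protocol>")
            if not (port.isdecimal() and 1 <= int(port) <= 65535):
                findings.append(f"{where}: bad <port> {port!r}")
            elif direction == "inbound" and text(service, "enabled") == "true":
                findings.append(f"{where}: inbound port {port} open by default")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ruleset(SAMPLE)) or "no findings")
```

The fake-ftp definition from the demo produces no findings; every finding for the constructed sample comes from the bad-svc service.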
Wednesday, September 7, 2011
How to Install and Use the vSphere 5 Syslog Collector
10 Steps to configure the Syslog Collector
01. Using the vCenter Server CD, install the Syslog Collector
02. Connect to your vCenter Server and click on Home
03. Click on the new Syslog Collector icon to verify its installation
04. Go to Hosts and Clusters
05. Select your ESXi host
06. Go to the Configuration tab
07. Under Software, click on Advanced Settings
08. Click on Syslog, select Remote
09. Enter the IP address of the Syslog Collector (e.g. tcp://10.1.1.1:514)
10. Go to Home, click on the Syslog icon and verify functionality
Using Image Builder
What it can do:
Image Builder allows the administrator to create custom ESXi ISO images that contain additional VIBs (software packages with extra drivers) or that omit some of the default packages if they are not needed. Since additional VIBs are usually provided by third-party vendors, this demo instead removes drivers not needed on this particular server. A VIB typically contains a descriptor XML file, a digital signature file and the actual software package with the additional drivers.
How to create your own ISO image:
Step # 1: Connect to the vCenter Server using PowerCLI
Set-ExecutionPolicy Unrestricted
Connect-VIServer vcenter.acme.com
Step # 2: Add a software depot and verify the results
Add-EsxSoftwareDepot C:\Depot\mydepot.zip
Get-EsxSoftwareDepot
Step # 3: Clone the original ISO image and modify the new one by removing the VIB called net-bnx2 (for Broadcom NICs)
Get-EsxImageProfile
New-EsxImageProfile -CloneProfile "Name of Standard Image from Previous Command" -Name myprofile
Get-EsxSoftwarePackage
Remove-EsxSoftwarePackage -ImageProfile myprofile -SoftwarePackage net-bnx2
Step # 4: Create a new, modified ISO image
Export-EsxImageProfile -ImageProfile myprofile -ExportToIso -FilePath C:\Depot\myprofile.iso