July 12, 2014
Don Cheadle wears a Kangol Flat Cap Hat in the movie volcano

July 4, 2014
Using Red Hat RDO PackStack to build #OpenStack #Neutron

Many people using OpenStack start off with Devstack running in a VM on a laptop to get a feel for what is possible. But when you need to run VMs, play around with networking and storage options, or point Nova at different hypervisors, it’s time to install a “real” OpenStack distribution.  You can build OpenStack from scratch using the manual installation steps, which takes hours but is an excellent learning experience, or you can use one of the assisted installation methods.

Red Hat is the leader in the Enterprise Linux space. They make RHEL, CentOS, and Fedora and output code which is used by many other distributions.

Suse, Debian, Canonical Ubuntu and other distros are gaining in popularity and striving to differentiate themselves in the market.

Packstack is a CLI tool, created by Red Hat employee http://goodsquishy.com/, that uses Puppet to script the installation and configuration of OpenStack components on a Red Hat based operating system.

RedHat started RDO with community-supported packages of the most up-to-date OpenStack releases available for download. They also offer enterprise-level support with the Red Hat Enterprise Linux OpenStack Platform.

To get started with RedHat RDO and install OpenStack in 15 minutes you need a machine with an OS already running.  Open a root shell and a web browser, head over here, and follow the 3 simple steps to get set up.

http://openstack.redhat.com/Quickstart

This will get you up and running quickly.  What is great is that an answer file is created which can be edited and reused as more sophisticated configurations are needed. So it’s a great place to start but also offers many sophisticated options under the hood.

Here’s a list of questions you might like to explore:

Welcome to Installer setup utility
Enter the path to your ssh Public key to install on servers [/root/.ssh/id_rsa.pub] :
Should Packstack install MySQL DB [y|n] [y] :
Should Packstack install OpenStack Image Service (Glance) [y|n] [y] :
Should Packstack install OpenStack Block Storage (Cinder) service [y|n] [y] :
Should Packstack install OpenStack Compute (Nova) service [y|n] [y] :
Should Packstack install OpenStack Networking (Neutron) service [y|n] [y] :
Should Packstack install OpenStack Dashboard (Horizon) [y|n] [y] :
Should Packstack install OpenStack Object Storage (Swift) [y|n] [y] :
Should Packstack install OpenStack Metering (Ceilometer) [y|n] [y] :
Should Packstack install OpenStack Orchestration (Heat) [y|n] [n] :
Should Packstack install OpenStack client tools [y|n] [y] :
Enter a comma separated list of NTP server(s). Leave plain if Packstack should not install ntpd on instances.:
Should Packstack install Nagios to monitor OpenStack hosts [y|n] [y] :
Enter a comma separated list of server(s) to be excluded. Leave plain if you don't need to exclude any server.:
Do you want to run OpenStack services in debug mode [y|n] [n] :
Enter the IP address of the controller host [192.168.x.x] :
Enter list of IP addresses on which to install compute service [192.168.x.x] :
Enter list of IP addresses on which to install network service [192.168.x.x] :
Do you want to use VMware vCenter as hypervisor and datastore [y|n] [n] : 
Enter the IP address of the VMware vCenter server to use with Nova: 192.168.x.x
Enter the username to authenticate on VMware vCenter server: 
Enter the password to authenticate on VMware vCenter server :
Enter the name of the vCenter datastore: wLSI
Enter the IP address of the MySQL server [192.168.x.x] :
Enter the password for the MySQL admin user :
Confirm password :
Set the AMQP service backend [qpid|rabbitmq] [rabbitmq] :
Enter the IP address of the AMQP service [192.168.x.x] :
Enable SSL for the AMQP service? [y|n] [n] :
Enable Authentication for the AMQP service? [y|n] [n] :
Enter the password for the Keystone admin user :
Confirm password :
Enter the password for the Keystone demo user :
Confirm password :
Enter the Cinder backend to be configured [lvm|gluster|nfs|vmdk] [lvm] : 
Enter the CPU overcommitment ratio. Set to 1.0 to disable CPU overcommitment [16.0] : 
Enter the RAM overcommitment ratio. Set to 1.0 to disable RAM overcommitment [1.5] : 
Enter the bridge the Neutron L3 agent will use for external traffic, or 'provider' if using provider networks [br-ex] :
Enter the name of the L2 plugin to be used with Neutron [linuxbridge|openvswitch|ml2] [ml2] :
Should Packstack install Neutron LBaaS [y|n] [n] : y
Should Packstack install Neutron L3 Metering agent [y|n] [n] : y
Would you like to configure neutron FWaaS? [y|n] [n] : y
Enter a comma separated list of network type driver entrypoints [local|flat|vlan|gre|vxlan] [vxlan] :
Enter a comma separated ordered list of network_types to allocate as tenant networks [local|vlan|gre|vxlan] [vxlan] :
Enter a comma separated ordered list of networking mechanism driver entrypoints [logger|test|linuxbridge|openvswitch|hyperv|ncs|arista|cisco_nexus|l2population] [openvswitch] :
Enter a comma separated list of physical_network names with which flat networks can be created [*] :
Enter a comma separated list of physical_network names usable for VLAN: 
Enter a comma separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation: 
Enter a multicast group for VXLAN: 
Enter a comma separated list of <vni_min>:<vni_max> tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation [10:100] :
Enter the name of the L2 agent to be used with Neutron [linuxbridge|openvswitch] [openvswitch] :
Enter a comma separated list of bridge mappings for the Neutron openvswitch plugin: 
Enter a comma separated list of OVS bridge:interface pairs for the Neutron openvswitch plugin:
Enter interface with IP to override the default tunnel local_ip: 
Enter VXLAN UDP port number [4789] :
Would you like to set up Horizon communication over https [y|n] [n] : y
Enter the path to a PEM encoded certificate to be used on the https server, leave blank if one should be generated, this certificate should not require a passphrase:
Enter the SSL keyfile corresponding to the certificate if one was entered:
Enter the CA cahin file corresponding to the certificate if one was entered:
Enter the Swift Storage devices e.g. /path/to/dev:
Enter the number of swift storage zones, MUST be no bigger than the number of storage devices configured [1] :
Enter the number of swift storage replicas, MUST be no bigger than the number of storage zones configured [1] :
Enter FileSystem type for storage nodes [xfs|ext4] [ext4] :
Enter the size of the storage device (eg. 2G, 2000M, 2000000K) [2G] :
Would you like to provision for demo usage and testing [y|n] [y] :
Would you like to configure Tempest (OpenStack test suite). Note that provisioning is only supported for all-in-one installations. [y|n] [n] : y
Enter the network address for the floating IP subnet [172.24.4.224/28] :
What is the uri of the Tempest git repository? [https://github.com/openstack/tempest.git] :
What revision, branch, or tag of the Tempest git repository should be used [master] :
Enter the IP address of the MongoDB server [192.168.x.x] :
Enter the password for the nagiosadmin user :
To subscribe each server to EPEL enter “y” [y|n] [y] :
Enter a comma separated list of URLs to any additional yum repositories to install:
To subscribe each server to Red Hat enter a username :
To subscribe each server to Red Hat enter your password :
To subscribe each server with RHN Satellite enter RHN Satellite server URL:
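
Several of the prompts above default to the weaker choice (AMQP SSL and authentication, Horizon over https), so it is worth reviewing a saved prompt transcript before reusing it. The script below is an added example, not part of Packstack or of the original post: it reads lines in the prompt format shown above and reports the security-relevant ones whose effective answer is the weak one. The list of prompts it checks is this example's own assumption, and the sample input is constructed.

```sh
#!/bin/sh
# Added example: audit Packstack prompt lines for weak security answers.
# The rule list in audit_prompts is this example's own choice of prompts.

# Constructed sample in the "question [choices] [default] : answer" format.
sample_prompts() {
cat <<'EOF'
Do you want to run OpenStack services in debug mode [y|n] [n] :
Enable SSL for the AMQP service? [y|n] [n] :
Enable Authentication for the AMQP service? [y|n] [n] :
Should Packstack install Neutron LBaaS [y|n] [n] : y
Would you like to set up Horizon communication over https [y|n] [n] : y
What is the uri of the Tempest git repository? [https://github.com/openstack/tempest.git] :
EOF
}

# Read prompt lines on stdin; print one WEAK line per risky effective answer.
# The effective answer is whatever was typed after the final colon, or the
# default (the last bracketed value on the line) when nothing was typed.
audit_prompts() {
  awk '
    match($0, /\[[^]]*\] *: *[^ ]*$/) {
      tail = substr($0, RSTART, RLENGTH)
      def = tail; sub(/\].*$/, "", def); def = substr(def, 2)
      ans = tail; sub(/^.*: */, "", ans)
      eff = (ans != "") ? ans : def
      src = (ans != "") ? "typed" : "default"
      why = ""
      if ($0 ~ /debug mode/ && eff == "y")
        why = "debug mode on"
      else if ($0 ~ /SSL for the AMQP/ && eff == "n")
        why = "AMQP traffic left unencrypted"
      else if ($0 ~ /Authentication for the AMQP/ && eff == "n")
        why = "AMQP authentication left disabled"
      else if ($0 ~ /Horizon communication over https/ && eff == "n")
        why = "dashboard served over plain http"
      if (why != "") printf "WEAK [%s %s] %s -> %s\n", src, eff, $0, why
    }'
}

# Demo on the constructed sample: reports the two AMQP defaults.
sample_prompts | audit_prompts
```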

June 30, 2014
Russian government to switch from Intel and AMD x86 “WinTel” solutions to Linux running on ARM CPU

Is this a good idea or just security through obscurity?

Russian government to switch from Intel and AMD x86 “WinTel” solutions to Linux running on ARM CPUs. 8 core in 2015 and 16 core for servers in 2016.

June 25, 2014
Text or Binary - Using Bitbucket with PowerShell and PowerGUI

How to setup Dell Quest PowerGUI to edit PowerShell PS1 scripts to Bitbucket with the correct UTF-8 Text encoding to overcome the erroneous Binary Encoding

We use the following workflow to update Microsoft PowerShell (VMware PowerCLI actually) scripts in the Atlassian Bitbucket GIT repository and had this same issue when getting started out of the box with defaults.

Workflow

The default files created with PowerGUI have the 3 letter file name extension ps1, but when uploaded with Sourcetree they show up in Bitbucket as Binary, so text features like edit or diff don’t work. Based on the feedback here and on other Google searches, the fix for this was indeed to change the encoding to UTF-8, make a simple change to the file, and upload it again. After a few tries this works perfectly and is repeatable. There is a trick, though, as PowerGUI doesn’t make it obvious how to change the encoding. Here are the steps.

Procedure

  1. Start powergui as you normally would. BTW – this is a windows program and I’ve tested this on Windows 8
  2. Choose “PowerShell Libraries” from the File menu
  3. Check the box to enable “Add-on.ScriptEditorEssentials” from the Snapins/Modules dialog box. Click OK.
  4. Now Enable UTF-8 Encoding from the File menu.
  5. That’s it. Any file you save now will be UTF-8 encoded and show up properly in Bitbucket once uploaded.

Reference:

http://en.community.dell.com/techcenter/powergui/f/4833/t/19575613.aspx


As you can see in the below screenshot we now have text functions available on line such as view, edit, and diff.

image


powershell, powergui, powercli, text, binary, sourcetree, bitbucket, atlassian

June 24, 2014
Flash Card HTML

Flash Card Test




June 20, 2014
BeagleBone Black Rev C Setup 4GB MMC Debian - Getting Started Experience

BeagleBone Black Rev C Setup Experience

I got my new BeagleBone Black Rev C Single Board Computer in the mail via USPS today (May 21st, 2014). Not too bad. It’s all up and running and I was able to ssh into it and run my first demo app.

I had decided to get a BBB a few days ago and was disappointed when I went to order one online and found they were out of stock.  They had run out of the Rev B with only 2 GB of on-board eMMC (embedded Multi-Media Controller) memory storage and were working on a new Rev C model with 4 GB. But I filled out the web form requesting to be informed when they were back in stock.  Here’s the email they sent me:

Adafruit Industries <support@adafruit.com>
May 18 (3 days ago)

Dear Iben Rodriguez ,

You have successfully subscribed to the Back In Stock Notification List for:

BeagleBone Black Rev C – 4GB Flash – Pre-installed Debian

We shall send you an e-mail when it is back in stock!

The very next day I was pleasantly surprised to find this message sitting in my inbox:

Adafruit Industries <support@adafruit.com>
May 19 (2 days ago)

Dear Iben Rodriguez,

We have restocked a product you asked to be notified about.

Please check it out before it goes out of stock again!

————————————————–
Product Back In Stock
————————————————–
BeagleBone Black Rev C – 4GB Flash – Pre-installed Debian

Link: http://www.adafruit.com/products/1876

So I dropped everything and went on line and ordered one for me and one for the kids. The total cost with the cheapest shipping option (USPS) was $59.97 and the nice part was I was able to use PayPal. I’m glad I didn’t pay for more expensive shipping as it only took them 2 days to get it to me.

I also ordered a Half-open Frame Design Clear Case Enclosure for $7.97.

The mailman managed to squeeze the package into my mailbox.  Try that with a “regular” computer.

Inside was a smaller box all surrounded in bubble wrap.

It came with a 3 foot USB cable 4P(A)M to mini 5P(B)M, a getting started card, and a packing slip.

 

 


Getting Started Card


The packing slip has a quote on it:

Art is I; science is we - Claude Bernard

for support: http://www.adafruit.com/support


Initial setup

I used the USB to PC connection method.  I also plugged an Ethernet cable in and connected the BBB to my lab network. It booted up right away and got an IP address via DHCP.  They really went out of their way to make this thing easy to use.  The file system showed up in my Windows Explorer with a START.htm and a README.htm file.  Just click on those and they open up in your web browser. No network or Internet connection needed.

Opening these files will give you the instructions you need to install the correct drivers for your PC’s Operating System to communicate over the USB network port.

Install the drivers for your operating system to give you network-over-USB access to your BeagleBone. Additional drivers give you serial access to your board.

Drivers by operating system:
Windows (64-bit): 64-bit installer. If in doubt, try the 64-bit installer first.
Windows (32-bit): 32-bit installer.
Mac OS X: Network, Serial. Install both sets of drivers.
Linux: mkudevrule.sh. Driver installation isn’t required, but you might find a few udev rules helpful.

putty com3 9600 baud USB to serial connection

I used windows 8.1 and after installing the drivers you can find the assigned serial communications port in your windows computer device manager. Mine showed up as COM3.

Open Putty and configure a serial port session for COM3.

When you initially connect you will be greeted with a banner message as follows:

Debian GNU/Linux 7 beaglebone ttyGS0

default username:password is [debian:temppwd]

Support/FAQ: http://elinux.org/Beagleboard:BeagleBoneBlack_Debian

The IP Address for usb0 is: 192.168.7.2
beaglebone login:

I logged in as root and since there’s no default password set it takes you right to the # prompt.

root
Last login: Wed Apr 23 20:20:20 UTC 2014 on ttyO0
Linux beaglebone 3.8.13-bone47 #1 SMP Fri Apr 11 01:36:09 UTC 2014 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
root@beaglebone:~#
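
The banner publishes a default debian password and root logs in with no password at all, and the board answers ssh on both usb0 and the lab Ethernet. The script below is an added example, not part of the board image or the original post: it lists accounts with an empty password field and works out whether sshd would accept them. The file contents are constructed samples, and the `PermitRootLogin` fallback of `yes` is an assumption that matches OpenSSH releases before 7.0.

```sh
#!/bin/sh
# Added example: find passwordless accounts and check whether sshd exposes them.

# Constructed /etc/shadow sample (not copied from a real board).
sample_shadow() {
cat <<'EOF'
root::16183:0:99999:7:::
daemon:*:16183:0:99999:7:::
debian:$6$constructedsalt$constructedhash:16183:0:99999:7:::
sshd:!:16183:0:99999:7:::
EOF
}

# Constructed sshd_config sample; the duplicate keyword is deliberate.
sample_sshd() {
cat <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
permitemptypasswords yes
PermitEmptyPasswords no
EOF
}

# stdin: shadow-format lines. Prints accounts whose password field is empty.
# "*" and "!" mean the account is locked, so only a truly empty field counts.
empty_password_accounts() { awk -F: '$2 == "" { print $1 }'; }

# stdin: sshd_config. $1: keyword, $2: value assumed when the keyword is absent.
# sshd uses the first occurrence, ignores keyword case, and treats lines after
# a Match line as conditional, so the global scan stops there.
sshd_effective() {
  awk -v key="$1" -v dflt="$2" '
    { sub(/#.*/, "") }
    tolower($1) == "match" { exit }
    !found && tolower($1) == tolower(key) { val = tolower($2); found = 1 }
    END { print (found ? val : dflt) }'
}

# $1: shadow file, $2: sshd_config file. One finding per passwordless account.
audit_board() {
  pep=$(sshd_effective PermitEmptyPasswords no < "$2")
  # Assumption: "yes" when unset, the OpenSSH default before release 7.0.
  prl=$(sshd_effective PermitRootLogin yes < "$2")
  for u in $(empty_password_accounts < "$1"); do
    if [ "$pep" = yes ] && { [ "$u" != root ] || [ "$prl" = yes ]; }; then
      echo "CRITICAL $u: empty password and sshd permits it"
    else
      echo "HIGH $u: empty password field"
    fi
  done
}

# Demo on the constructed sample: prints "root".
sample_shadow | empty_password_accounts
```

On a real board, run `audit_board /etc/shadow /etc/ssh/sshd_config` as root, then set passwords with `passwd` for every account it reports.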

Running ifconfig and df -h show some basic system info.

root@beaglebone:~# ifconfig -a
eth0 Link encap:Ethernet HWaddr 1c:ba:8c:xx:xx:xx
inet addr:192.168.xxx.xxx Bcast:192.168.xxx.255 Mask:255.255.255.0
inet6 addr: fe80::xxxx:8cff:fea2:xxxx/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1073 errors:0 dropped:0 overruns:0 frame:0
TX packets:126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:215972 (210.9 KiB) TX bytes:17833 (17.4 KiB)
Interrupt:40

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

usb0 Link encap:Ethernet HWaddr f6:66:fe:xx:xx:xx
inet addr:192.168.7.2 Bcast:192.168.7.3 Mask:255.255.255.252
inet6 addr: fe80::f466:xxxx:xxxx:xxc6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2072 errors:0 dropped:0 overruns:0 frame:0
TX packets:4634 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:146703 (143.2 KiB) TX bytes:6914510 (6.5 MiB)

root@beaglebone:~#
root@beaglebone:~# df -h
Filesystem Size Used Avail Use% Mounted on
rootfs 3.4G 1.4G 1.9G 44% /
udev 10M 0 10M 0% /dev
tmpfs 100M 632K 99M 1% /run
/dev/disk/by-uuid/8aecba16-c811-47ee-86ed-78588c08ce2a 3.4G 1.4G 1.9G 44% /
tmpfs 249M 0 249M 0% /dev/shm
tmpfs 249M 0 249M 0% /sys/fs/cgroup
tmpfs 100M 0 100M 0% /run/user
tmpfs 5.0M 0 5.0M 0% /run/lock
/dev/mmcblk0p1 96M 72M 25M 75% /boot/uboot
/dev/mmcblk1p1 63G 5.1G 58G 9% /media/NO NAME

root@beaglebone:~#

Notice the 64 GB MicroSDXC UFD shows up as /dev/mmcblk1p1

Update the Debian Operating System with the latest patches using the Advanced Packaging Tool get command.

root@beaglebone:~# apt-get update
root@beaglebone:~# apt-get upgrade
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages will be upgraded:
base-files dpkg dpkg-dev libdpkg-perl liblcms2-2 libsmbclient libsoup-gnome2.4-1 libsoup2.4-1 libssl-dev
libssl-doc libssl1.0.0 libwbclient0 libxfont1 libxml2 libxml2-dev libxml2-utils linux-libc-dev openssl tzdata
19 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 14.1 MB of archives.
After this operation, 46.1 kB of additional disk space will be used.

This is super awesome!  I created a file on the local file system, pulled power, plugged it back in and after a few seconds the system was back up and my file was still there.  This is the fastest computer in the lab.


BBB Web Server

Open a web browser and connect to the USB Network Interface:

There are actually 2 different web servers running on the BBB Rev C debian OS out of the box.

  1. http://192.168.7.2:80/Support/bone101/
  2. http://192.168.7.2:8080/

The default web server running on port 80 is served from the /var/lib/cloud9 directory on the local file system:

root@beaglebone:/var/lib/cloud9# ls -al
total 636
drwxr-xr-x 13 debian debian 4096 Apr 23 20:20 .
drwxr-xr-x 41 root root 4096 Jan 1 2000 ..
drwxr-xr-x 3 debian debian 4096 Apr 23 21:01 .c9
drwxr-xr-x 8 debian debian 4096 Apr 23 21:01 .git
-rw-r--r-- 1 debian debian 13 Apr 23 21:01 .gitignore
-rw-r--r-- 1 debian debian 8808 Apr 23 21:01 LICENSE
-rw-r--r-- 1 debian debian 471 Apr 23 21:01 README.md
drwxr-xr-x 4 debian debian 4096 Apr 23 21:01 Support
drwxr-xr-x 3 debian debian 4096 Apr 23 21:01 attic
drwxr-xr-x 2 root root 4096 Apr 23 20:20 autorun
drwxr-xr-x 2 debian debian 4096 Apr 23 21:01 demo
drwxr-xr-x 5 debian debian 4096 Apr 23 21:01 extras
-rw-r--r-- 1 debian debian 562718 Apr 23 21:01 favicon.ico
drwxr-xr-x 2 debian debian 4096 Apr 23 21:01 images
-rw-r--r-- 1 debian debian 2377 May 22 18:45 index.html
drwxr-xr-x 2 debian debian 4096 Apr 23 21:01 javascripts
-rw-r--r-- 1 debian debian 673 Apr 23 21:01 params.json
drwxr-xr-x 5 debian debian 4096 Apr 23 21:01 static
drwxr-xr-x 2 debian debian 4096 Apr 23 21:01 stylesheets
-rw-r--r-- 1 debian debian 659 Apr 23 21:01 testace.html
root@beaglebone:/var/lib/cloud9#

The alternate web server running on port 8080 is served from the /var/www/ directory on the local file system.  There are no files in this directory from the factory and directory browsing is enabled so any files you place here will be listed in the browser.


There’s a link to the GITHUB bone101 Getting Started section:

https://github.com/beagleboard/bone101

bone101

Getting started information for BeagleBone and BeagleBone Black written in BoneScript

The content here is presented by the default web server running with the demonstration Linux distributions provided on BeagleBone and BeagleBone Black. It is written in HTML and makes use of the BoneScript server running on the board and BoneScript JavaScript library running in these HTML pages.


Run your first program.  

I tried the demo program called “Blink an on-board LED” and just by clicking the “RUN” button in the IDE you are able to download and run the program. Super easy! I changed some of the timer numbers and ran it again.  This makes it so easy to experiment.

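var b = require('bonescript');
var led = "USR3";   // on-board user LED
var state = 0;

b.pinMode(led, 'out');

// Flip the LED between off (0) and on (1)
var toggleLED = function() {
    state = state ? 0 : 1;
    b.digitalWrite(led, state);
};

// Toggle the LED once a second
var timer = setInterval(toggleLED, 1000);

var stopTimer = function() {
    clearInterval(timer);
};

// Stop blinking after 30 seconds
setTimeout(stopTimer, 30000);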


Splunk Forwarder on BeagleBoard Black

Download - forwarder-for-linux-arm-raspberry-pi_10.tgz – the installer from:

Installation Manual:

Installation Steps:

 

tar -xvzf forwarder-for-linux-arm-raspberry-pi_10.tgz -C /opt

root@beaglebone:/opt/splunkforwarder/bin# /opt/splunkforwarder/bin/splunk start
/opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
/opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory

Splunk> Finding your faults, just like mom.

Checking prerequisites…
/opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
Checking mgmt port [8089]: /opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
open
Creating: /opt/splunkforwarder/var/lib/splunk
Creating: /opt/splunkforwarder/var/run/splunk
Creating: /opt/splunkforwarder/var/run/splunk/appserver/i18n
Creating: /opt/splunkforwarder/var/run/splunk/appserver/modules/static/css
Creating: /opt/splunkforwarder/var/run/splunk/upload
Creating: /opt/splunkforwarder/var/spool/splunk
Creating: /opt/splunkforwarder/var/spool/dirmoncache
Creating: /opt/splunkforwarder/var/lib/splunk/authDb
Creating: /opt/splunkforwarder/var/lib/splunk/hashDb
/opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre.so.1: cannot open shared object file: No such file or directory
SSL certificate generation failed.

root@beaglebone:~# ls -al /opt/splunkforwarder/lib
total 5468
drwxr-xr-x 3 root root 4096 Sep 28 2013 .
drwxr-xr-x 9 root root 4096 May 23 04:29 ..
-r--r--r-- 1 root root 57 Sep 27 2013 copyright.txt
drwxr-xr-x 2 root root 4096 Sep 28 2013 engines
lrwxrwxrwx 1 root root 20 Sep 27 2013 libarchive.so -> libarchive.so.13.1.2
lrwxrwxrwx 1 root root 20 Sep 27 2013 libarchive.so.13 -> libarchive.so.13.1.2
-r-xr-xr-x 1 root root 511016 Sep 28 2013 libarchive.so.13.1.2
lrwxrwxrwx 1 root root 15 Sep 27 2013 libbz2.so -> libbz2.so.1.0.3
lrwxrwxrwx 1 root root 15 Sep 27 2013 libbz2.so.1 -> libbz2.so.1.0.3
-r-xr-xr-x 1 root root 71020 Sep 28 2013 libbz2.so.1.0.3
lrwxrwxrwx 1 root root 18 Sep 27 2013 libcrypto.so -> libcrypto.so.1.0.0
-r-xr-xr-x 1 root root 1476588 Sep 28 2013 libcrypto.so.1.0.0
lrwxrwxrwx 1 root root 18 Sep 27 2013 libexslt.so -> libexslt.so.0.8.17
lrwxrwxrwx 1 root root 18 Sep 27 2013 libexslt.so.0 -> libexslt.so.0.8.17
-r-xr-xr-x 1 root root 97796 Sep 28 2013 libexslt.so.0.8.17
lrwxrwxrwx 1 root root 16 Sep 27 2013 libpcre.so -> libpcre.so.1.2.1
lrwxrwxrwx 1 root root 16 Sep 27 2013 libpcre.so.1 -> libpcre.so.1.2.1
-r-xr-xr-x 1 root root 244172 Sep 28 2013 libpcre.so.1.2.1
lrwxrwxrwx 1 root root 19 Sep 27 2013 libsqlite3.so -> libsqlite3.so.0.8.6
lrwxrwxrwx 1 root root 19 Sep 27 2013 libsqlite3.so.0 -> libsqlite3.so.0.8.6
-r-xr-xr-x 1 root root 575376 Sep 28 2013 libsqlite3.so.0.8.6
lrwxrwxrwx 1 root root 15 Sep 27 2013 libssl.so -> libssl.so.1.0.0
-r-xr-xr-x 1 root root 336464 Sep 28 2013 libssl.so.1.0.0
lrwxrwxrwx 1 root root 16 Sep 27 2013 libxml2.so -> libxml2.so.2.9.1
lrwxrwxrwx 1 root root 16 Sep 27 2013 libxml2.so.2 -> libxml2.so.2.9.1
-r-xr-xr-x 1 root root 1832152 Sep 28 2013 libxml2.so.2.9.1
lrwxrwxrwx 1 root root 17 Sep 27 2013 libxslt.so -> libxslt.so.1.1.28
lrwxrwxrwx 1 root root 17 Sep 27 2013 libxslt.so.1 -> libxslt.so.1.1.28
-r-xr-xr-x 1 root root 323324 Sep 28 2013 libxslt.so.1.1.28
lrwxrwxrwx 1 root root 13 Sep 27 2013 libz.so -> libz.so.1.2.8
lrwxrwxrwx 1 root root 13 Sep 27 2013 libz.so.1 -> libz.so.1.2.8
-r-xr-xr-x 1 root root 94648 Sep 28 2013 libz.so.1.2.8
root@beaglebone:~#

root@beaglebone:~# /opt/splunkforwarder/bin/splunk cmd $(which env) | grep -i splunk

PATH=/opt/splunkforwarder/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/opt/splunkforwarder/bin/splunk
SPLUNK_HOME=/opt/splunkforwarder
SPLUNK_DB=/opt/splunkforwarder/var/lib/splunk
SPLUNK_SERVER_NAME=splunkforwarder
SPLUNK_WEB_NAME=splunkweb
LD_LIBRARY_PATH=/opt/splunkforwarder/lib
OPENSSL_CONF=/opt/splunkforwarder/openssl/openssl.cnf
LDAPCONF=/opt/splunkforwarder/etc/openldap/ldap.conf
root@beaglebone:~# /opt/splunkforwarder/bin/splunk cmd $(which ldd) /opt/splunkforwarder/bin/splunkd
librt.so.1 => /lib/arm-linux-gnueabihf/librt.so.1 (0xb6f68000)
libpcre.so.1 => /opt/splunkforwarder/lib/libpcre.so.1 (0xb6f2a000)
libxml2.so.2 => /opt/splunkforwarder/lib/libxml2.so.2 (0xb6d69000)
libxslt.so.1 => /opt/splunkforwarder/lib/libxslt.so.1 (0xb6d1a000)
libssl.so.1.0.0 => /opt/splunkforwarder/lib/libssl.so.1.0.0 (0xb6cc8000)
libcrypto.so.1.0.0 => /opt/splunkforwarder/lib/libcrypto.so.1.0.0 (0xb6b5c000)
libdl.so.2 => /lib/arm-linux-gnueabihf/libdl.so.2 (0xb6b50000)
libarchive.so.13 => /opt/splunkforwarder/lib/libarchive.so.13 (0xb6ad2000)
libbz2.so.1 => /opt/splunkforwarder/lib/libbz2.so.1 (0xb6ac0000)
libsqlite3.so.0 => /opt/splunkforwarder/lib/libsqlite3.so.0 (0xb6a33000)
libz.so.1 => /opt/splunkforwarder/lib/libz.so.1 (0xb6a1b000)
libm.so.6 => /lib/arm-linux-gnueabihf/libm.so.6 (0xb69af000)
libpthread.so.0 => /lib/arm-linux-gnueabihf/libpthread.so.0 (0xb6994000)
libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb68af000)
/lib/ld-linux.so.3 => /lib/ld-linux-armhf.so.3 (0xb6f85000)
root@beaglebone:~#


 

Next we’ll try out version control with GIT and the Cloud9 IDE

June 20, 2014
salt stack setup on beaglebone black rev c debian arm for Enterprise consumers

salt stack setup on beaglebone black rev c debian arm

I’ve been having fun playing around with my new ARM processor mini computer.  It’s a Beagle Bone Black (aka bbb) Revision C which has 512mb ram, 4gb flash storage, and comes pre-installed with Debian.  Here are the details of the salt stack minion install.

WHAT IS SALT?
SaltStack takes a new approach to infrastructure management by developing software that is easy enough to get running in seconds, scalable enough to manage tens of thousands of servers, and fast enough to control and communicate with them in milliseconds. SaltStack delivers a dynamic infrastructure communication bus used for orchestration, remote execution, configuration management and much more.

Before you start this procedure you should have the following things ready:

  1. BBB unit
  2. USB cable
  3. Ethernet cable
  4. Internet access
  5. Admin console computer to drive the setup – I used an apple mac mini running windows 8.1 enterprise
  6. admin console should be set up with the BBB drivers that come with it, and you will need basic apps like Putty for terminal access
  7. Salt Master server already setup and on the network

This process took about 15 minutes. I used the following guide as a reference: http://docs.saltstack.com/en/latest/topics/installation/debian.html

Procedure to install salt minion:

  1. plug everything in following the BBB getting started guide. the bbb i used was 
  2. open a terminal window to the BBB. I used putty to connect to the BBB three different ways:
    1. with ssh to the local USB NDIS ip address 192.168.7.2 
    2. to the COM3 serial port
    3. with ssh to the dhcp assigned ethernet address (check the dhcp server logs for “beaglebone”)
  3. Login as root – there is no root password for the bbb out of the box configuration
  4. Since I have a few BBB units it’s important to change the hostname so I’m able to differentiate them in the logs, DHCP servers, and Salt configurations:
    vi /etc/hostname # change beaglebone to something unique
    vi /etc/hosts # change beaglebone to something unique
    reboot # or manually restart each service using the hostname
  5. This block of code performs the following four steps: update the apt repo list, import the APT repo signing key, update the package DB, and install the salt-minion.
    echo 'deb http://debian.saltstack.com/debian wheezy-saltstack main' >> /etc/apt/sources.list
    wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -
    apt-get update
    apt-get -y install salt-minion
    #copy and paste these 4 lines to your terminal session
  6. Configure the minion by editing this file
    vi /etc/salt/minion
  7. Insert a new line to configure the master either for an IP address or hostname:
    #master: salt
    master: 192.168.100.100

    In this example I am pointing the master to 192.168.100.100

  8. Now you need to start the salt stack minion daemon
    salt-minion -d
  9. The next part is done on the salt master server. Open a console to your master, view the pending key requests, and accept them:
    salt-key
    salt-key -A
  10. That’s it!  You can test the install by running a few commands:
     salt '*' grains.items
    beaglebone:
    cpu_flags: swp half thumb fastmult vfp edsp thumbee neon vfpv3 tls
    cpu_model: ARMv7 Processor rev 2 (v7l)
    cpuarch: armv7l
    defaultencoding: UTF-8
    defaultlanguage: en_US
    domain:
    fqdn: beaglebone
    fqdn_ip4:
    127.0.1.1
    fqdn_ip6:
    gpus:
    host: beaglebone
    hwaddr_interfaces: {'lo': '00:00:00:00:00:00', 'usb0': '96:b3:d1:ff:ff:ff', 'eth0': '1c:ba:8c:ff:ff:ff'}
    id: beaglebone
    ip_interfaces: {'lo': ['127.0.0.1'], 'usb0': ['192.168.7.2'], 'eth0': ['192.168.100.117']}
    ipv4:
    127.0.0.1
    192.168.100.117
    192.168.7.2
    ipv6:
    ::1
    fe80::ffff
    fe80::ffff
    kernel: Linux
    kernelrelease: 3.8.13-bone47
    localhost: beaglebone
    lsb_distrib_codename: wheezy
    lsb_distrib_description: Debian GNU/Linux 7.4 (wheezy)
    lsb_distrib_id: Debian
    lsb_distrib_os: GNU/Linux
    lsb_distrib_release: 7.4
    master: 192.168.100.100
    mem_total: 497
    nodename: beaglebone
    num_cpus: 1
    num_gpus: 0
    os: Debian
    os_family: Debian
    osarch: armhf
    oscodename: wheezy
    osfullname: Debian
    osrelease: 7.4
    path: /sbin:/usr/sbin:/bin:/usr/bin
    ps: ps -efHww
    pythonpath:
    /usr/bin
    /usr/local/lib/python2.7/dist-packages/distribute-0.7.3-py2.7.egg
    /usr/local/lib/python2.7/dist-packages/setuptools-3.4.4-py2.7.egg
    /usr/lib/python2.7
    /usr/lib/python2.7/plat-linux2
    /usr/lib/python2.7/lib-tk
    /usr/lib/python2.7/lib-old
    /usr/lib/python2.7/lib-dynload
    /usr/local/lib/python2.7/dist-packages
    /usr/lib/python2.7/dist-packages
    /usr/lib/python2.7/dist-packages/gtk-2.0
    /usr/lib/pymodules/python2.7
    pythonversion: 2.7.3.final.0
    saltpath: /usr/lib/python2.7/dist-packages/salt
    saltversion: 2014.1.4
    saltversioninfo:
    2014
    1
    4
    server_id: 546237894
    shell: /bin/sh
    virtual: physical
    zmqversion: 3.2.3
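
Step 5 fetches the repository signing key over plain HTTP and pipes it straight into apt-key, and step 9 accepts every pending minion key with `salt-key -A`; in both cases nothing checks that the key is the one you expect. The script below is an added example, not from the Salt project or the original post: it pins the apt key to a fingerprint obtained out of band before adding it, and compares a minion's fingerprint on both ends before accepting only that minion. The gpg listing and fingerprints are constructed samples, and `add_key_if_pinned` is a hypothetical helper name.

```sh
#!/bin/sh
# Added example: pin key fingerprints before trusting them.

# Normalise a fingerprint for comparison: strip spaces and colons, upper-case.
norm_fp() { printf '%s' "$1" | tr -d ' :' | tr 'a-f' 'A-F'; }

# True when two fingerprints are equal regardless of case or separators.
same_fp() { [ "$(norm_fp "$1")" = "$(norm_fp "$2")" ]; }

# stdin: output of `gpg --with-colons --with-fingerprint KEYFILE`.
# Prints the fingerprint of each primary key, i.e. the fpr record that follows
# a pub record; subkey fingerprints are skipped.
primary_fprs() {
  awk -F: '$1 == "pub" { want = 1; next }
           $1 == "sub" { want = 0 }
           $1 == "fpr" && want { print $10; want = 0 }'
}

# stdin: colon listing, $1: pinned fingerprint. Succeeds only if the file holds
# exactly one primary key and its fingerprint equals the pin.
key_matches_pin() {
  got=$(primary_fprs)
  [ "$(printf '%s\n' "$got" | grep -c .)" -eq 1 ] || return 1
  same_fp "$got" "$1"
}

# $1: key file already downloaded to disk, $2: fingerprint obtained out of band.
# Hypothetical wrapper for step 5: the key is added only when the pin matches.
add_key_if_pinned() {
  gpg --with-colons --with-fingerprint "$1" 2>/dev/null | key_matches_pin "$2" || {
    echo "fingerprint mismatch, key NOT added" >&2
    return 1
  }
  apt-key add "$1"
}

# Step 9, one minion at a time instead of `salt-key -A`:
#   on the minion:  salt-call --local key.finger
#   on the master:  salt-key -f <minion-id>
#   if same_fp reports a match:  salt-key -a <minion-id>

# Constructed gpg colon listing: one primary key with one subkey.
sample_listing() {
cat <<'EOF'
pub:-:4096:1:0123456789ABCDEF:2014-01-01:::-:Constructed Example Key::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:4096:1:FEDCBA9876543210:2014-01-01::::::e:
fpr:::::::::1111222233334444555566667777888899990000:
EOF
}

# Demo on the constructed listing: prints the primary key fingerprint only.
sample_listing | primary_fprs
```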

Here is a detailed log of the install process:

root@beaglebone:~# echo 'deb http://debian.saltstack.com/debian wheezy-saltstack main' >> /etc/apt/sources.list
root@beaglebone:~# wget -q -O- "http://debian.saltstack.com/debian-salt-team-joehealy.gpg.key" | apt-key add -
OK
root@beaglebone:~# apt-get update
Hit http://security.debian.org wheezy/updates Release.gpg
Get:1 http://debian.saltstack.com wheezy-saltstack Release.gpg [836 B]
Hit http://ftp.us.debian.org wheezy Release.gpg
Hit http://security.debian.org wheezy/updates Release
Hit http://debian.beagleboard.org wheezy-bbb Release.gpg
Get:2 http://debian.saltstack.com wheezy-saltstack Release [5204 B]
Hit http://ftp.us.debian.org wheezy-updates Release.gpg
Hit http://ftp.us.debian.org wheezy Release
Hit http://debian.beagleboard.org wheezy-bbb Release
Get:3 http://ftp.debian.org wheezy-backports Release.gpg [836 B]
Hit http://security.debian.org wheezy/updates/main armel Packages
Hit http://ftp.us.debian.org wheezy-updates Release
Hit http://security.debian.org wheezy/updates/contrib armel Packages
Get:4 http://debian.saltstack.com wheezy-saltstack/main armel Packages [2921 B]
Get:5 http://ftp.debian.org wheezy-backports Release [147 kB]
Hit http://ftp.us.debian.org wheezy/main armel Packages
Hit http://security.debian.org wheezy/updates/non-free armel Packages
Get:6 http://debian.saltstack.com wheezy-saltstack/main armhf Packages [3414 B]
Hit http://debian.beagleboard.org wheezy-bbb/main armhf Packages
Hit http://security.debian.org wheezy/updates/main armhf Packages
Hit http://ftp.us.debian.org wheezy/contrib armel Packages
Hit http://security.debian.org wheezy/updates/contrib armhf Packages
Hit http://ftp.us.debian.org wheezy/non-free armel Packages
Hit http://security.debian.org wheezy/updates/non-free armhf Packages
Hit http://ftp.us.debian.org wheezy/main armhf Packages
Hit http://security.debian.org wheezy/updates/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/contrib armhf Packages
Hit http://security.debian.org wheezy/updates/main Translation-en
Ign http://debian.saltstack.com wheezy-saltstack/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free armhf Packages
Hit http://security.debian.org wheezy/updates/non-free Translation-en
Ign http://debian.beagleboard.org wheezy-bbb/main Translation-en
Get:7 http://ftp.debian.org wheezy-backports/main armel Packages [434 kB]
Hit http://ftp.us.debian.org wheezy/contrib Translation-en
Hit http://ftp.us.debian.org wheezy/main Translation-en
Hit http://ftp.us.debian.org wheezy/non-free Translation-en
Hit http://ftp.us.debian.org wheezy-updates/main armel Packages
Get:8 http://ftp.debian.org wheezy-backports/contrib armel Packages [2459 B]
Hit http://ftp.us.debian.org wheezy-updates/contrib armel Packages
Hit http://ftp.us.debian.org wheezy-updates/non-free armel Packages
Get:9 http://ftp.debian.org wheezy-backports/non-free armel Packages [4819 B]
Hit http://ftp.us.debian.org wheezy-updates/main armhf Packages
Get:10 http://ftp.debian.org wheezy-backports/main armhf Packages [450 kB]
Hit http://ftp.us.debian.org wheezy-updates/contrib armhf Packages
Hit http://ftp.us.debian.org wheezy-updates/non-free armhf Packages
Hit http://ftp.us.debian.org wheezy-updates/contrib Translation-en
Hit http://ftp.us.debian.org wheezy-updates/main Translation-en/DiffIndex
Hit http://ftp.us.debian.org wheezy-updates/non-free Translation-en
Get:11 http://ftp.debian.org wheezy-backports/contrib armhf Packages [4958 B]
Get:12 http://ftp.debian.org wheezy-backports/non-free armhf Packages [4819 B]
Get:13 http://ftp.debian.org wheezy-backports/contrib Translation-en [5113 B]
Get:14 http://ftp.debian.org wheezy-backports/main Translation-en [257 kB]
Get:15 http://ftp.debian.org wheezy-backports/non-free Translation-en [18.8 kB]
Fetched 1342 kB in 7s (178 kB/s)
Reading package lists... Done


root@beaglebone:~# apt-get -y install salt-minion
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
dctrl-tools debconf-utils dmidecode libjs-jquery libpgm-5.1-0 libzmq3 msgpack-python python-async
python-crypto python-git python-gitdb python-jinja2 python-m2crypto python-mako python-markupsafe
python-smmap python-yaml python-zmq salt-common
Suggested packages:
debtags python-crypto-dbg python-crypto-doc python-jinja2-doc python-beaker python-mako-doc salt-doc
python-augeas
The following NEW packages will be installed:
dctrl-tools debconf-utils dmidecode libjs-jquery libpgm-5.1-0 libzmq3 msgpack-python python-async
python-crypto python-git python-gitdb python-jinja2 python-m2crypto python-mako python-markupsafe
python-smmap python-yaml python-zmq salt-common salt-minion
0 upgraded, 20 newly installed, 0 to remove and 19 not upgraded.
Need to get 4503 kB of archives.
After this operation, 16.2 MB of additional disk space will be used.
Get:1 http://debian.saltstack.com/debian/ wheezy-saltstack/main libzmq3 armhf 3.2.3+dfsg-1~bpo70~dst+1 [344 kB]
Get:2 http://ftp.us.debian.org/debian/ wheezy/main libpgm-5.1-0 armhf 5.1.118-1~dfsg-0.1 [180 kB]
Get:3 http://ftp.debian.org/debian/ wheezy-backports/main dmidecode armhf 2.12-2~bpo70+1 [51.8 kB]
Get:4 http://debian.saltstack.com/debian/ wheezy-saltstack/main python-zmq armhf 13.1.0-1~bpo70~dst+1 [357 kB]
Get:5 http://ftp.us.debian.org/debian/ wheezy/main dctrl-tools armhf 2.22.2 [151 kB]
Get:6 http://ftp.us.debian.org/debian/ wheezy/main debconf-utils all 1.5.49 [55.8 kB]
Get:7 http://debian.saltstack.com/debian/ wheezy-saltstack/main salt-common all 2014.1.4+ds-2~bpo70+1 [1674 kB]
Get:8 http://ftp.us.debian.org/debian/ wheezy/main libjs-jquery all 1.7.2+dfsg-1 [80.1 kB]
Get:9 http://ftp.us.debian.org/debian/ wheezy/main msgpack-python armhf 0.1.10-1 [48.3 kB]
Get:10 http://ftp.us.debian.org/debian/ wheezy/main python-crypto armhf 2.6-4+deb7u3 [521 kB]
Get:11 http://ftp.us.debian.org/debian/ wheezy/main python-async armhf 0.6.1-1 [41.8 kB]
Get:12 http://ftp.us.debian.org/debian/ wheezy/main python-smmap all 0.8.2-1 [20.9 kB]
Get:13 http://ftp.us.debian.org/debian/ wheezy/main python-gitdb armhf 0.5.4-1 [56.7 kB]
Get:14 http://ftp.us.debian.org/debian/ wheezy/main python-git all 0.3.2~RC1-1 [314 kB]
Get:15 http://debian.saltstack.com/debian/ wheezy-saltstack/main salt-minion all 2014.1.4+ds-2~bpo70+1 [27.4 kB]
Get:16 http://ftp.us.debian.org/debian/ wheezy/main python-markupsafe armhf 0.15-1 [14.3 kB]
Get:17 http://ftp.us.debian.org/debian/ wheezy/main python-jinja2 armhf 2.6-1 [167 kB]
Get:18 http://ftp.us.debian.org/debian/ wheezy/main python-m2crypto armhf 0.21.1-2 [174 kB]
Get:19 http://ftp.us.debian.org/debian/ wheezy/main python-mako all 0.7.0-1.1 [59.3 kB]
Get:20 http://ftp.us.debian.org/debian/ wheezy/main python-yaml armhf 3.10-4 [164 kB]
Fetched 4503 kB in 8s (516 kB/s)
Selecting previously unselected package libpgm-5.1-0.
(Reading database ... 59253 files and directories currently installed.)
Unpacking libpgm-5.1-0 (from .../libpgm-5.1-0_5.1.118-1~dfsg-0.1_armhf.deb) ...
Selecting previously unselected package libzmq3:armhf.
Unpacking libzmq3:armhf (from .../libzmq3_3.2.3+dfsg-1~bpo70~dst+1_armhf.deb) ...
Selecting previously unselected package dmidecode.
Unpacking dmidecode (from .../dmidecode_2.12-2~bpo70+1_armhf.deb) ...
Selecting previously unselected package dctrl-tools.
Unpacking dctrl-tools (from .../dctrl-tools_2.22.2_armhf.deb) ...
Selecting previously unselected package debconf-utils.
Unpacking debconf-utils (from .../debconf-utils_1.5.49_all.deb) ...
Selecting previously unselected package libjs-jquery.
Unpacking libjs-jquery (from .../libjs-jquery_1.7.2+dfsg-1_all.deb) ...
Selecting previously unselected package msgpack-python.
Unpacking msgpack-python (from .../msgpack-python_0.1.10-1_armhf.deb) ...
Selecting previously unselected package python-crypto.
Unpacking python-crypto (from .../python-crypto_2.6-4+deb7u3_armhf.deb) ...
Selecting previously unselected package python-async.
Unpacking python-async (from .../python-async_0.6.1-1_armhf.deb) ...
Selecting previously unselected package python-smmap.
Unpacking python-smmap (from .../python-smmap_0.8.2-1_all.deb) ...
Selecting previously unselected package python-gitdb.
Unpacking python-gitdb (from .../python-gitdb_0.5.4-1_armhf.deb) ...
Selecting previously unselected package python-git.
Unpacking python-git (from .../python-git_0.3.2~RC1-1_all.deb) ...
Selecting previously unselected package python-markupsafe.
Unpacking python-markupsafe (from .../python-markupsafe_0.15-1_armhf.deb) ...
Selecting previously unselected package python-jinja2.
Unpacking python-jinja2 (from .../python-jinja2_2.6-1_armhf.deb) ...
Selecting previously unselected package python-m2crypto.
Unpacking python-m2crypto (from .../python-m2crypto_0.21.1-2_armhf.deb) ...
Selecting previously unselected package python-mako.
Unpacking python-mako (from .../python-mako_0.7.0-1.1_all.deb) ...
Selecting previously unselected package python-yaml.
Unpacking python-yaml (from .../python-yaml_3.10-4_armhf.deb) ...
Selecting previously unselected package python-zmq.
Unpacking python-zmq (from .../python-zmq_13.1.0-1~bpo70~dst+1_armhf.deb) ...
Selecting previously unselected package salt-common.
Unpacking salt-common (from .../salt-common_2014.1.4+ds-2~bpo70+1_all.deb) ...
Selecting previously unselected package salt-minion.
Unpacking salt-minion (from .../salt-minion_2014.1.4+ds-2~bpo70+1_all.deb) ...
Processing triggers for man-db ...
Setting up libpgm-5.1-0 (5.1.118-1~dfsg-0.1) ...
Setting up libzmq3:armhf (3.2.3+dfsg-1~bpo70~dst+1) ...
Setting up dmidecode (2.12-2~bpo70+1) ...
Setting up dctrl-tools (2.22.2) ...
Setting up debconf-utils (1.5.49) ...
Setting up libjs-jquery (1.7.2+dfsg-1) ...
Setting up msgpack-python (0.1.10-1) ...
Setting up python-crypto (2.6-4+deb7u3) ...
Setting up python-async (0.6.1-1) ...
Setting up python-smmap (0.8.2-1) ...
Setting up python-gitdb (0.5.4-1) ...
Setting up python-git (0.3.2~RC1-1) ...
Setting up python-markupsafe (0.15-1) ...
Setting up python-jinja2 (2.6-1) ...
Setting up python-m2crypto (0.21.1-2) ...
Setting up python-mako (0.7.0-1.1) ...
Setting up python-yaml (3.10-4) ...
Setting up python-zmq (13.1.0-1~bpo70~dst+1) ...
Setting up salt-common (2014.1.4+ds-2~bpo70+1) ...
Setting up salt-minion (2014.1.4+ds-2~bpo70+1) ...
[ ok ] Starting salt-minion (via systemctl): salt-minion.service.
Processing triggers for python-support ...
root@beaglebone:~#

June 20, 2014
PowerShell PowerCLI PowerGUI – Microsoft Windows cloud automation tools for VMware vSphere ESXi Administrators

PowerGUI 3.8

The Center for Internet Security (CIS) recently released their Security Configuration Benchmark for ESXi 5.1, available here:

  • Download link:
    https://benchmarks.cisecurity.org/tools2/vm/CIS_VMware_ESXi_5.1_Benchmark_v1.0.0.pdf
  • Length: 132 pages
  • Release date: 10 June 2014
  • Cost: Free
  • Includes the following items for over 100 checks needed to harden an ESXi machine:
    • Rationale for each item
    • Audit steps with PowerCLI example
    • Remediation steps with PowerCLI example
    • Impact statement
    • Default Value settings
    • References to online documentation for more info

In this post we will show how to get set up with a Windows-based Graphical User Interface (GUI) for running PowerShell scripts to manage your VMware vSphere ESXi-based environment. As virtualization is used as an infrastructure platform for more security-sensitive workloads in many enterprises, it’s important to have an automated and repeatable set of tools to both audit and configure your environment.

Traditionally, changes and audits have been made manually. With only a few systems to manage, this might be doable on an occasional basis where changes are infrequent. But as tech refresh cycles shorten and demand for new services increases, automation becomes more necessary.

Specifically, when setting up or making changes to an ESXi host there are a few methods to connect to it for administration purposes:

  1. DCUI: Direct Console User Interface – plugging in a Keyboard and Display to the machine running ESXi. Using arrow keys and Function commands to authenticate and move around a very simple menu system with limited options.
  2. Local Shell: Typing commands at the DCUI allows more sophisticated control, but there is no clipboard, so no copy and paste and thus no ability to repeat commands. No automation capabilities. Subject to human error. Limited to VGA 640×480 resolution.
  3. Remote Shell: Using Secure Shell (SSH) over the network to the ESXi host. This is the most familiar interface to many UNIX administrators. Scripts are typically stored in a repo where Clipboard copy and paste operations can be leveraged.  Sessions can be logged to provide an audit trail and sent off to assist with troubleshooting. Terminal screen size can be expanded giving you multiple windows and lots of text real estate to work with.
  4. vMA: The vSphere Management Assistant is a Linux-based virtual machine that is pre-installed with a command-line interface and select third-party agents needed to manage your vSphere infrastructure. vMA includes the vSphere SDK for Perl and the vSphere Command-Line Interface (vSphere CLI).
  5. vSphere Client: The vSphere Client is a Windows program used to configure an ESXi host and to operate its virtual machines. You can download vSphere Client from any host or vCenter Server. vCenter Server is used to manage multiple hosts and provides advanced management options, such as resource sharing, High Availability, and vMotion.
  6. vSphere Web Client: The vSphere Web Client enables you to connect to a vCenter Server system to manage an ESXi host through a browser.
  7. PowerCLI: VMware PowerCLI is a “snap-in” for the Windows PowerShell interface that provides command-line interface (CLI) access to administration tasks and supports creating executable scripts. Windows 7 and 8 both come with the PowerShell task-based command-line shell and scripting language built in and ready to go.
  8. PowerGUI: The Quest Software PowerGUI tool for Windows users provides a Graphical User Interface (GUI) script editor and debugger for PowerShell.

Getting Started with PowerCLI

This post will cover the PowerShell method to manage virtual machines hosted in a VMware vSphere environment. Using these tools will provide a repeatable, scalable method to audit and harden the ESXi hosts for security-sensitive organizations. Scripts can be developed for various applications, with customized configurations checked into a Software Configuration Management (SCM) tool such as Git, SVN, Perforce, CVS, or ClearCase. Output from these scripts can be fed into a Governance, Risk management, and Compliance (GRC) tool such as RSA Archer, TraceSecurity TraceCSO, Virma Aruvio, MetricStream GRC Cloud, ControlCase GRC, LockPath Cloud GRC, or the Cloud Security Alliance (CSA) GRC Stack.

What you need:

  • Admin workstation: a laptop or desktop system with Microsoft Windows 7 or 8
  • PowerShell – pre-installed with the latest versions of Windows
  • PowerCLI – download from https://www.vmware.com/support/developer/PowerCLI/
  • PowerGUI – download from http://en.community.dell.com/techcenter/powergui/m/bits/
  • VMware vSphere Hypervisor – you will need an ESXi machine to test your scripts on
  • VMware vSphere vCenter Server – optional – used to manage one or more ESXi hypervisor hosts
  • VMware vSphere Virtual Machine – optional – used for testing your scripts

Setup Steps:

Once all the prerequisites are installed and running, it’s time to run a test script to make sure everything’s working.

  1. Open the PowerGUI Script Editor application
  2. Run the following commands to connect to the vSphere environment being worked on:
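    NOTE: Change the IP address, user, and password as needed.
    # Allow locally written scripts to run; downloaded scripts must be signed
    Set-ExecutionPolicy RemoteSigned
    # Load the PowerCLI snap-in and confirm the installed version
    Add-PSSnapin VMware.VimAutomation.Core
    Get-PowerCLIVersion
    # Connect to the ESXi host or vCenter Server, then list its virtual machines
    Connect-VIServer -Server 192.168.1.55 -User root -Password P@ssw0rd
    Get-VM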
  3. The output might take a few seconds to process and should look something like this:
    Name            PowerState Num CPUs MemoryGB 
    ----            ---------- -------- -------- 
    w7e64-template  PoweredOff 1        1.000 
    w2k8r2-template PoweredOff 1        1.000

Operational Security Audit and Remediation

Now that the setup is complete, try running some of the PowerCLI commands from the CIS Benchmark.

  1. Build a generic script to perform Audits and Remediations. Save it and check it in to the SCM tool.
  2. Customize and save versions of these scripts for the various environments being hardened. For example:
    1. prod-audit-YYMMDD.ps1
    2. prod-remediate-YYMMDD.ps1
    3. dev-audit-YYMMDD.ps1
    4. dev-remediate-YYMMDD.ps1
    5. qa-audit-YYMMDD.ps1
    6. qa-remediate-YYMMDD.ps1
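
A sketch of the generic audit script from step 1, added here as an example; it is not code from this post or from the CIS benchmark. It runs read-only PowerCLI queries against every host in the connected environment and writes the findings to a dated CSV. The five checks, their expected values, the `New-Finding` helper, the `$Environment` label and the report file name are assumptions for illustration.

```powershell
# Added example: read-only audit of a few ESXi hardening settings via PowerCLI.
# The checks and expected values are illustrative assumptions; take the real
# list and values from the CIS benchmark for your ESXi version.
param(
    [string]$Server      = '192.168.1.55',   # ESXi host or vCenter, as in the setup steps
    [string]$Environment = 'dev'             # hypothetical label: prod, dev, qa
)

Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
# Prompt for credentials instead of placing a password on the command line
Connect-VIServer -Server $Server -Credential (Get-Credential) | Out-Null

function New-Finding($VMHost, $Check, $Expected, $Actual, $Pass) {
    New-Object PSObject -Property @{
        VMHost = $VMHost.Name; Check = $Check; Expected = $Expected
        Actual = "$Actual"; Pass = [bool]$Pass
    }
}

$findings = foreach ($h in Get-VMHost) {
    $services = Get-VMHostService -VMHost $h
    foreach ($key in 'TSM-SSH', 'TSM') {      # SSH and ESXi Shell service keys
        $svc = $services | Where-Object { $_.Key -eq $key }
        New-Finding $h "Service $key stopped" 'Running = False' $svc.Running (-not $svc.Running)
    }

    $ntp = @(Get-VMHostNtpServer -VMHost $h)
    New-Finding $h 'NTP server configured' 'at least one' ($ntp -join ',') ($ntp.Count -gt 0)

    $syslog = (Get-AdvancedSetting -Entity $h -Name 'Syslog.global.logHost').Value
    New-Finding $h 'Remote syslog host set' 'non-empty' $syslog ([bool]$syslog)

    $timeout = (Get-AdvancedSetting -Entity $h -Name 'UserVars.ESXiShellTimeOut').Value
    New-Finding $h 'ESXi Shell timeout set' 'greater than 0' $timeout ([int]$timeout -gt 0)
}

# Keep the evidence: one CSV per run, named like the per-environment scripts
$report = '{0}-audit-{1}.csv' -f $Environment, (Get-Date -Format 'yyMMdd')
$findings | Select-Object VMHost, Check, Expected, Actual, Pass |
    Export-Csv -Path $report -NoTypeInformation
$findings | Where-Object { -not $_.Pass } | Format-Table VMHost, Check, Actual -AutoSize

Disconnect-VIServer -Server $Server -Confirm:$false
```

Because the script only reads settings, it can run under an account with a read-only role; remediation scripts need write privileges and are better kept in separate files, as the naming scheme above already does.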

Follow-up to-do list:

Exporting the results from these scripts would be very handy.

How to schedule these reports.

Running scripts like this against other cloud and virtual compute environments like Amazon Web Services (AWS) or Microsoft Azure.

Using GitHub, Assembla, or Bitbucket as a source code repo with SourceTree.

June 2, 2014
