Posts Tagged ‘ubuntu’

VMware Server 2.0 – using your own SSL certificate

24 December 2008

The default installation of VMware Server 2.0 uses a self-signed certificate for the web-based management console, VMware Infrastructure Web Access. (Notice how they copied the Microsoft fashion of naming the web-based tool, like Outlook Web Access and Project Web Access.)

But you may want to use a different certificate. One that browsers in your organisation will actually recognise. I couldn’t find any information on the web, so I went hunting in the config files.

The locations of the certificate and key are specified in the file /etc/vmware/hostd/config.xml. The default location is /etc/vmware/ssl/.

You may want to create your own certificate authority (CA). I followed the Ubuntu Server Guide’s instructions, but apart from file locations, those instructions will probably do for any installation of OpenSSL.

Once I had set up the new certificates, I had to reboot the machine. Restarting VMware didn’t do it, but that was probably because I didn’t restart the right service. Rebooting definitely worked.
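One way to create the CA and server certificate described above and to check them before pointing config.xml at them. This is an added example, not part of the original post or of VMware's tooling; the function names, the file names under the working directory and the host name vmhost.example.internal are assumptions.

```shell
#!/bin/sh
# Added example. File names under $dir are this example's own; copy the
# results to whatever paths your /etc/vmware/hostd/config.xml names.

# issue_cert DIR FQDN: create a private CA in DIR and a server cert for FQDN.
issue_cert() {
    dir=$1 fqdn=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # 1. CA key and self-signed CA certificate (import ca.crt into browsers).
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=Example Internal CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and certificate signing request.
    openssl req -newkey rsa:2048 -nodes -sha256 -subj "/CN=$fqdn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. Sign the CSR with the CA, adding the host name as a subjectAltName.
    printf 'subjectAltName=DNS:%s\n' "$fqdn" > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 365 -sha256 \
        -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null || return 1
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# check_pair CA CERT KEY: succeed only if CERT chains to CA and KEY is the
# private key for CERT. Run this before copying anything into place.
check_pair() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$3" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Demo with a constructed host name, in a throwaway directory.
demo_dir=$(mktemp -d)
issue_cert "$demo_dir" vmhost.example.internal &&
    check_pair "$demo_dir/ca.crt" "$demo_dir/server.crt" "$demo_dir/server.key" &&
    echo "certificate and key verified"
rm -rf "$demo_dir"
```

Keep ca.key off the VMware host; only the server certificate and its key belong there, and only ca.crt goes to the browsers.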

With my new certificate, IE7 still prompts me for a client certificate to present, but pressing cancel to that box gives you a proper secure session without the ugly red security warning by the address bar. With Firefox it works fine.

I haven’t investigated the prompt for a client certificate in IE yet, but if you know and want to save me the trouble of figuring it out for myself, please post a comment!


Cloning VMware machines loses network connection

23 December 2008

I have been setting up a whole swag of virtual machines to do my bidding. Ideally I would use ESXi but it doesn’t support my choice of server – my old laptop (Toshiba Tecra M5).

So I am back to using VMware Server. Since I last used it, VMware Server 2.0 has been released. It features a web-based management interface, which is quite good, though it uses a self-signed certificate that causes browsers to complain. I will eventually figure out how to replace it with a real certificate (or rather, one that my personal trusted certification authority has issued) and post the instructions here.

But that’s not what this post is about. My operating system of choice at the moment is Ubuntu Server 8.04 LTS. Yes, 8.10 is out, but I don’t want to download another CD image. I am in New Zealand, the land of data caps, after all. I have created a base install of Ubuntu, and want to clone it and use it as a base for other virtual machines.

Installation is simple.

Copying the virtual machine is simple:

cp -r [source_directory] [destination_name]

Then it’s a matter of renaming the virtual disk (for consistency’s sake – it’s not mandatory):

vmware-vdiskmanager -n [source_file.vmdk] [destination_file.vmdk]

Following that, I edit the .vmx file, and change references to the .vmdk file and the virtual machine name that is displayed in the management interface. Otherwise you’ll end up with multiple machines with the same name, and that gets confusing.

Once you add the machine to the inventory, VMware Server will realise that it’s a clone of an existing machine, and will ask you to confirm that. If you say it is a copy, it will regenerate some IDs, like the NIC’s MAC address. And this is where we run into trouble.

With a new MAC address, the system thinks there’s a new device in there. Which is virtually true. It leaves the existing configuration (from the base image) as eth0, and sets up the “new” NIC as eth1. Which is fine. But eth0 will never work, and it’s better (I think) for the first NIC to be eth0.

I found a solution here:

Re: Eth0 disapears in VMware and Ubuntu Server


I think that the best thing is to delete the eth0 line from /etc/udev/rules.d/70-persistent-net.rules and change eth1 to eth0 in the eth1 line.

I mean, my file was

# This file was automatically generated by the /lib/udev/write_net_rules
# program, probably run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:b0:1a:59", NAME="eth0"
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:38:15:ba", NAME="eth1"

but now it is

# This file was automatically generated by the /lib/udev/write_net_rules
# program, probably run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:38:15:ba", NAME="eth0"

Salute

Frank Abel

Thanks Frank – that fixed it.
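The same edit as a repeatable step for each new clone, as an added example that is not part of the original post or of Frank's reply. The function names are hypothetical, the sample file is constructed from the rules quoted above, and the function goes slightly beyond the quoted case by taking the clone's current MAC address as an argument.

```shell
#!/bin/sh
# Added example; renumber_clone_nic and sample_rules are hypothetical names.

# renumber_clone_nic CURRENT_MAC < rules > new_rules
# Keeps only the rule for the NIC the clone actually has and names it eth0.
# Rules for other MACs (left over from the base image) are dropped together
# with their "# PCI device" comment. Exits 1 if CURRENT_MAC matches no rule,
# so an empty result is never mistaken for a fix.
renumber_clone_nic() {
    mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    awk -v mac="$mac" '
        /^# PCI device/ { pending = $0; next }   # hold until the rule is seen
        /^SUBSYSTEM==/ {
            if (index(tolower($0), "attrs{address}==\"" mac "\"")) {
                if (pending != "") print pending
                sub(/NAME="[^"]*"/, "NAME=\"eth0\"")
                print
                kept = 1
            }
            pending = ""
            next
        }
        { print }
        END { exit (kept ? 0 : 1) }
    '
}

# Constructed sample: the rules file of a fresh clone, as quoted in the post.
sample_rules() {
    cat <<'EOF'
# This file was automatically generated by the /lib/udev/write_net_rules
# program, probably run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:b0:1a:59", NAME="eth0"
# PCI device 0x1022:0x2000 (pcnet32)
SUBSYSTEM=="net", DRIVERS=="?*", ATTRS{address}=="00:0c:29:38:15:ba", NAME="eth1"
EOF
}

# The clone's NIC has the second MAC; write the result to a new file, review
# it, then replace /etc/udev/rules.d/70-persistent-net.rules with it.
sample_rules | renumber_clone_nic 00:0C:29:38:15:BA
```

On the clone itself the current MAC can be read from /sys/class/net/eth1/address before the rename.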

Some other things to think of:

You will want to change the host name of your new virtual machine, probably. You do that by editing the /etc/hostname file. But if you do that, and the new host name isn’t resolvable by DNS, you may run into troubles, especially using sudo on a default installation of Ubuntu (and probably other distros as well). So, before you change the hostname, it’s advisable to add an entry in /etc/hosts for the new host name.

I have run into trouble by changing /etc/hostname and then being unable to edit any other file, including /etc/hosts, because sudo requires that your machine’s hostname be resolved. It’s for this reason that my new rule is to create a password for root as soon as the OS is installed:

sudo passwd root

Other things I need to do when cloning the machine are editing network settings in /etc/network/interfaces (I am using static IP addressing) and DNS servers in /etc/resolv.conf. Then reboot and you have a clean system with its own “identity”.


SSH slow to login? Disable reverse DNS lookup

21 November 2008

By default in Ubuntu (and probably other distributions), when you log into the SSH server, it will do a reverse DNS lookup of the client for security reasons.

That’s fine, but it’s kind of annoying when you don’t have a working reverse DNS for your IP address. Like for all my internal addresses.

To turn it off (thanks to http://ubuntuforums.org/showthread.php?t=577616):

Edit /etc/ssh/sshd_config and add the following line:

UseDNS no

Easy!


Stop X from starting when booting Ubuntu

18 November 2008

This is nothing new, but I wanted to stop X from starting on bootup with Ubuntu Desktop 8.04. I would prefer to start it using startx.

The easy solution is from within the Ubuntu desktop (seeing X has started already, I may as well use graphical tools): click the System menu, then Services. Unlock (if you need to) and deselect Graphical login manager (gdm).

BE CAREFUL THOUGH: If you apply those changes, X will stop, presumably because it was started through the init scripts and by changing the init scripts it decided it didn’t need to be running any more. That can be a pain if, for example, you are writing a blog post on how to do it in Firefox at the time. (Thankfully the autosave feature of WordPress works!)
