2020.05.12 – Problem and solution for Virtual Network in VMware Fusion and ESXi

Posted on May 9, 2020 by SILVIQUE

Info details of the problem

VM with allowed network NAT

[root@esxi00:~] ping yahoo.com
getaddrinfo() for "yahoo.com" failed (-3: Temporary failure in name resolution)

VM with Share with my MAC

WAN -> em0 -> DHCP: 192.168.100.128
LAN -> em1 -> 10.1.1.251

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@192.168.100.128
ssh: connect to host 192.168.100.128 port 22: Host is down

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@192.168.100.128
ssh: connect to host 192.168.100.128 port 22: Operation timed out

[2.4.5-RELEASE][root@pfSense.silvique.ro]/root: ping yahoo.com
PING yahoo.com (98.138.219.232): 56 data bytes
ping: sendto: No route to host
...

Sometime work sometime does not work ….

Step 1. Reading VMware documentation to trying to solve the problem:

From here https://kb.vmware.com/s/article/2009642?lang=en_US I’ve dome this and restart the MacBook PRO :

sudo rm -f "Library/Preferences/VMware Fusion/networking"
sudo rm -f "Library/Preferences/VMware Fusion/locations"
sudo "/Applications/VMware Fusion.app/Contents/Library/vmnet-cli" -c

The problem is still there. Not solve it!

Step 2 . Ideas receive from a fried and apply it => Solved the problem! OK!!

Change network from 10.1..1.251 to 10.1.1.2 and very and test Internet connection

2.0. Make sure pfSense is powered pff

2.1. Inside ESXi terminal

 [root@esxi00:~] esxcfg-route 
VMkernel default gateway is 10.1.1.2


[root@esxi00:~] esxcli network ip dns server list
   DNSServers: 10.1.1.2


[root@esxi00:~] ping google.com
PING google.com (216.58.212.142): 56 data bytes
64 bytes from 216.58.212.142: icmp_seq=0 ttl=128 time=52.287 ms
64 bytes from 216.58.212.142: icmp_seq=1 ttl=128 time=53.458 ms
64 bytes from 216.58.212.142: icmp_seq=2 ttl=128 time=53.811 ms


--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 52.287/53.185/53.811 ms


[root@esxi00:~]

2.2. For internal CentOS VM inside ESXi_00 I change external ip to 10.1.1.50/25 and 10.1.1.2 and it works OK.

2.3. For pfSense in Vmware Fusion I do not modify anything, but ping works ok.

All are connected to Network > Custom > Allow using NAT

2020.05.7 – Problem and solution for increasing the size of a ESXi virtual disk

Posted on May 7, 2020 by SILVIQUE

Problem: Increase the size of a ESXi Virtual Disk

I wasn’t able to find a solution and mad it work!

Thing an other solution:

Step 1. Migrate a Virtual Machine to New Storage in the vSphere Web Client

Procedure on vCenter:

Right-click the virtual machine from ESXI00.datastore.1 and select Migrate.
Click Change storage only and click Next.
Select the format for the virtual machine’s disks
1. Same format as source
Select a virtual machine storage policy from the VM Storage Policy drop-down menu: ESXi00.datastore.2
On the Ready to complete page, review the details and click Finish.

Step 2. Remove a Virtual Hard Disk from a Virtual Machine

Now imposible to power on!

The solution is to install a new ESXi and all VM that I’ve lost!

2020.05.6 – Install CentOS 8 Server on VMware ESXi

Posted on May 6, 2020 by SILVIQUE

This page inspire me: https://linuxhint.com/install_centos8_vmware_esxi_server/

Note: This version is without GUI. If needed chose Server with GUI.

The inspiration is very good. I have some differences and I will put here.

Difference:

Install into MacBook Pro > VMware Fusion > VMware ESXi
Click ESXi web client > Datastore browser > Create directory with name CentOS
Different Hard Disk and Network Adapter
Host Name: CentOS
Tipe and Data: for Romania
Username: silvia and mine password
Include also Root password

All other are exactly as in the helping blog.

2020.05.5 – Problem and Solution for License when Include ESXi into vSphere

Posted on May 5, 2020 by SILVIQUE

Theoretically:

There are 6 license for 6 ESXi and 2 license for vCenter
Maximum 3 ESXi can be included into vCenter
- Introducing into vCenter the ESXi I power on and use in that moment and need vCenter help for configuration

The License show Usage 4 CPUs and Capacity 6 CPUs

VM ESXi esxi00.silvique.ro has Evaluation License

When open Assign License show it is possible because the Usage 4 CPUs and Capacity 6 CPUs

Choose ESXi Licensing. Then the Usage change to 8 CPUs and impossible to click OK

Important information:

The License is based on 6 CPUs capacity NOT on 6 ESXi VM.

If you use ESXi’s with 2 CPUs then you can do this using maximum of 3 ESXi’s meaning a total of 6 CPUs capacity for the license. If you want to use ESXi with 4 CPUs, then a licence accepts only one ESXi with 2 CPUs.

Now it is more clear for me!

2020.05.5 – Problem and Solution with Adding ESXi host in vSphere Client

Posted on May 5, 2020 by SILVIQUE

I have a problem with Adding ESXi host into vSphere Client.

It accept the simple IP 10.1.1.10 but not the name esxi00.silvique.ro.

Cannot contact the specified host (esxi00.silvique.ro). The host may not be available on the network, a network configuration problem may exist, or the management services on this host may not be responding.

I need to put ESXi into vSpare to install a new VM as I do not find solution of installation into ESXi. But if I insert esxi00 into vSphere using the IP, I can not install VM. So I want to insert esxi00.silvique.ro base on its name to try to install Junos Spare.
- I thought it is fw problem, so I install it into esxi00 and powered on.

What can I do to insert esxi00.silvique.ro into vShere?

Ideas and solution

1. Check to see if you can ping the hostname from the vCenter appliance.

vCenter and ESXi from MacBook

murgescusilvia@Murgescus-MacBook-Pro ~ % ping 10.1.1.101
PING 10.1.1.101 (10.1.1.101): 56 data bytes
64 bytes from 10.1.1.101: icmp_seq=0 ttl=64 time=0.336 ms
64 bytes from 10.1.1.101: icmp_seq=1 ttl=64 time=0.598 ms
64 bytes from 10.1.1.101: icmp_seq=2 ttl=64 time=0.496 ms
64 bytes from 10.1.1.101: icmp_seq=3 ttl=64 time=0.217 ms
^C
--- 10.1.1.101 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.217/0.412/0.598/0.146 ms

murgescusilvia@Murgescus-MacBook-Pro ~ % ping vc01      
PING vc01.silvique.ro (10.1.1.101): 56 data bytes
64 bytes from 10.1.1.101: icmp_seq=0 ttl=64 time=0.403 ms
64 bytes from 10.1.1.101: icmp_seq=1 ttl=64 time=0.623 ms
64 bytes from 10.1.1.101: icmp_seq=2 ttl=64 time=0.456 ms
^C
--- vc01.silvique.ro ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.403/0.494/0.623/0.094 ms

murgescusilvia@Murgescus-MacBook-Pro ~ % ping vc01.silvique.ro
PING vc01.silvique.ro (10.1.1.101): 56 data bytes
64 bytes from 10.1.1.101: icmp_seq=0 ttl=64 time=0.355 ms
64 bytes from 10.1.1.101: icmp_seq=1 ttl=64 time=0.881 ms
^C
--- vc01.silvique.ro ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.355/0.618/0.881/0.263 ms

murgescusilvia@Murgescus-MacBook-Pro ~ % ping 10.1.1.10       
PING 10.1.1.10 (10.1.1.10): 56 data bytes
64 bytes from 10.1.1.10: icmp_seq=0 ttl=64 time=0.517 ms
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=0.389 ms
^C
--- 10.1.1.10 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.389/0.453/0.517/0.064 m
s
murgescusilvia@Murgescus-MacBook-Pro ~ % ping esxi00   
PING esxi00.silvique.ro (10.1.1.10): 56 data bytes
64 bytes from 10.1.1.10: icmp_seq=0 ttl=64 time=0.315 ms
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=0.513 ms
64 bytes from 10.1.1.10: icmp_seq=2 ttl=64 time=0.325 ms
^C
--- esxi00.silvique.ro ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.315/0.384/0.513/0.091 ms

murgescusilvia@Murgescus-MacBook-Pro ~ % ping esxi00.silvique.ro
PING esxi00.silvique.ro (10.1.1.10): 56 data bytes
64 bytes from 10.1.1.10: icmp_seq=0 ttl=64 time=0.385 ms
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=0.709 ms
^C
--- esxi00.silvique.ro ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.385/0.547/0.709/0.162 ms

ESXi00 from vCenter

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@vc01.silvique.ro
…..

Command> ping 10.1.1.10
PING 10.1.1.10 (10.1.1.10) 56(84) bytes of data.
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=1.01 ms
64 bytes from 10.1.1.10: icmp_seq=2 ttl=64 time=1.11 ms
64 bytes from 10.1.1.10: icmp_seq=3 ttl=64 time=1.29 ms
64 bytes from 10.1.1.10: icmp_seq=4 ttl=64 time=0.978 ms
^C
--- 10.1.1.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.978/1.101/1.299/0.124 ms
 
Command> ping esxi00
ping: unknown host esxi00


Command> ping esxi00.silvique.ro
ping: unknown host esxi00.silvique.ro

2. If you cant you can either edit the host file on the vcenter machine

2.1. SSH’d into the vCenter using Terminal

Last login: Tue May  5 07:19:26 on ttys006
murgescusilvia@Murgescus-MacBook-Pro ~ % ssh root@vc01.silvique.ro

Command> ls /etc/
Unknown command: `ls'
Command> cd etc
Unknown command: `cd'

Command> shell
Shell access is granted to root

root@10 [ ~ ]#

2.2. Navigated to the host files directory

cd /
cd etc
ls (this list everything in the directory)

root@10 [ ~ ]# cd ..
root@10 [ ~ ]# cd /etc

2.3. Used vim to edit the file:

vim hosts

root@10 [ /etc ]# vim hosts

2.4. Added the name and the IP that I wanted to be tied together.

xxx.xxx.xxx.xxx name.domain name

# Begin /etc/hosts (network card version)


127.0.0.1   localhost.localdomain
127.0.0.1       localhost
10.1.1.101 10.1.1.101 10
10.1.1.10  esxi00.silvique.ro  esxi00
# End /etc/hosts (network card version)

2.5. Exited vi (vi automatically saves the file when you leave unless specified to not save when you leave.)

To exit and save type ESC + : x or ESC + : wq
To exit without saving type Esc + : q!

Esc 
:wq

2.6. Now test it using the Ping command.

ping name

Command> ping 10.1.1.10
PING 10.1.1.10 (10.1.1.10) 56(84) bytes of data.
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=0.687 ms
64 bytes from 10.1.1.10: icmp_seq=2 ttl=64 time=0.512 ms
64 bytes from 10.1.1.10: icmp_seq=3 ttl=64 time=1.03 ms
64 bytes from 10.1.1.10: icmp_seq=4 ttl=64 time=0.883 ms
^C
--- 10.1.1.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 0.512/0.780/1.039/0.199 ms

Command> ping esxi00.silvique.ro
ping: unknown host esxi00.silvique.ro
Command> ping 10.1.1.10
PING 10.1.1.10 (10.1.1.10) 56(84) bytes of data.
64 bytes from 10.1.1.10: icmp_seq=1 ttl=64 time=0.663 ms
64 bytes from 10.1.1.10: icmp_seq=2 ttl=64 time=1.03 ms
64 bytes from 10.1.1.10: icmp_seq=3 ttl=64 time=0.790 ms
64 bytes from 10.1.1.10: icmp_seq=4 ttl=64 time=0.719 ms
^C
--- 10.1.1.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.663/0.802/1.038/0.145 ms
Command> ping esxi00.silvique.ro
PING esxi00.silvique.ro (10.1.1.10) 56(84) bytes of data.
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=1 ttl=64 time=0.385 ms
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=2 ttl=64 time=0.539 ms
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=3 ttl=64 time=0.668 ms
^C
--- esxi00.silvique.ro ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.385/0.530/0.668/0.118 ms

Command> ping esxi00
PING esxi00.silvique.ro (10.1.1.10) 56(84) bytes of data.
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=1 ttl=64 time=0.388 ms
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=2 ttl=64 time=0.581 ms
64 bytes from esxi00.silvique.ro (10.1.1.10): icmp_seq=3 ttl=64 time=0.599 ms
^C
--- esxi00.silvique.ro ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.388/0.522/0.599/0.099 ms

Solution photos

An other idea: Or add the host to the dnsresolver on the pfsense firewall. When using the firewall, the vcenter machine needs to have the IP of the firewall as it’s gateway and dns server.

It seems I don’t this idea now …

2020.05.4 – Problem and solution for ESXi: Failed to create virtual machine vm. The operation is not allowed in the current state

Posted on May 4, 2020 by SILVIQUE

I try to install VM into the VMware ESXi.

Before this I have added a new Hard Disk into VMware Fusion end the configure Storage Datastore into VMware ESXi.

Now I want to install a VM and I get an error:

– The vm configuration was rejected. Please see Browser console

– Failed to create virtual machine vm. The operation is not allowed in the current state.

The answer I find on internet including the solution: “check the vmware state.. if it is in maintenance mode means you are not able to create virtual machine… keep the vmware on normal state.”

I solved this problem!!!

2020.05.3 – Install Junos Space on VMware Fusion in VMware ESXi

Posted on May 3, 2020 by SILVIQUE

Notes:

This tutorial can be used also for installation inside EVE-PRO.
Make sure to use IP/Network with Internet Connection. Mandatory!

Device and Applications:

MacBook PRO 15-inch, 16 GB Memory, 2.9 GHz Processor
macOS Catalina 10.15.4
VMware Fusion 11.5.3
VMware ESXi 6.7

Details from reading and learning installation here:

Download Junos Space files

I this moment the last versions:

The ova image: space-19.4R1.3.ova
The security director: Security-Director-19.4R1.53.img

Overview

You can deploy the Junos Space Virtual Appliance *.ova file on a VMware ESXi server version 5.5, 6.0, or 6.5. Basic I have ESXi 6.7 but into installation step maybe I can modify to 6.0.

After the Junos Space Virtual Appliance is deployed, you can use the VMware vSphere client or Virtual Machine Manager (VMM) to connect to the VMware ESXi server and configure the Junos Space Virtual Appliance.

The minimum hardware requirements for deploying a Junos Space Virtual Appliance are as follows:

one core of the processor
64-bit quad processor with a clock speed of at least 2.66 GHz
Four virtual CPUs
1-Gbps network
8193 MB of RAM
500-GB hard disk
Configure Open VM tools (see Starting Open VM Tools in Junos Space Platform for details.)
- Is possible and OK to use VMware Tools? NOTE: Junos Space Network Management Platform is not certified to be used with VMware tools.
- Install it in CentOS? https://www.debiantutorials.com/how-to-install-open-vm-tools-open-virtual-machine-tools/

Installing a Junos Space Virtual Appliance on a VMware ESXi Server

Login ESXi, mine name is esxi00. Go to Virtual Machine > Create/Register VM and click Deploy a virtual machine from an OVF or OVA file. Then Next

Enter a name as jSpace-1-20.1R1.2. I needed an other version to install and I use the name jSpace-2-19.4R1.3. Find in MacBook and chose space-19.4R1.3.ova file. Click Next

Chose the datastore where jSpace will be installed

Note: I have install a new ESXi VM into VMware Fusion with
- Datastore name: datastre1
- Capacity: 532 GB
- Free: 504 GB (as I install CentOS firs)
- Type: VMFS6

Please untag the Power on Automatically and you will si way … Click Next

Verify that all is correctly and click Finish

Failed to Power On. I mine case some modification have to be done before powering on.

Down in Recent Tasks you will see and wot to finish to complete. After finished go further.

Go to Virtual Machine > jSpace-1-20.1R1.2. This si default

Virtual Machine > jSpace-2-19.4T1.3

Click Edit

CPU 2, Memory 8 GB meaning 8192 MB, Default Hard Disk is minimal accepted of 500 GB.

To be able to finish type 500 GB

Power on is working now. Go here to get help: https://rtodto.net/how-to-install-junos-space-and-security-director/

You will be asked to enter user and password which are admin and abc123 respectively also for UNIX password.

Once you entered these, you will be asked to change the password. Choose your new password according to the local instructions. Otherwise you may fail to set a proper password.

[sudo] password for admin: the_configured_password

Press enter and continue

Choose the type of node to be installed [S/F] S

Configuring Eth0:

1) Configure UPv4
2) Configure Both IPv4 and IPv6

R) Redraw Menu

Click 1 and continue

Choice [1-2,R]: 1

Please enter new IPv4 address for interface eth0
172.25.11.109
Please enter new IPv4 subnet mask for interface eth0
255.255.255.0

Enter the default IPv4 gateway as a dotted-decimal IP address:
172.25.11.254

Please type the IPv4 nameservicer address in dotted decimal notation:
8.8.8.8

Configure a separate interface for device management? [y/N] n

Will this Junos Space system be added to an existing cluster? [y/N] n

Web GUI configuration

Configuring IP address for web GUI:

1) Configure IPv4

R) Redraw Menu

Chose [1,R]: 1

Please enter IPv4 Address for web GUI:
172.25.11.100

Do you want to enable NAT service? [y/N] n

Add NTP Server? [y/N] y

Please type the new NTP server: 82.197.221.30

Note: In NTP server you can use also the default IPv4, here meaning 172.25.11.254.

Please enter display name for this node: space2

Enter password for cluster maintenance mode: mine_password
Re-enter password: mine_password

-----

A> Apply settings

-----

Chose [ACQR]: A

Here is an image but all to do list is up

Now you can connect to the box via SSH at its ip 172.25.11.109:

% ssh admin@172.25.11.109

admin@172.25.11.109's password: the-password

Junos Space Settings Menu
...
7) (Debug) run shell
...

Chose [1-7,AQR]: 7

[sudo] password for admin:

[root@space-000c29cb6706 ~]# ip -4 addr 
1: lo: <LOOPBACK,UP,LOWER_UP> meu 655536 disc no queue state UNKNOWN
  inet 127.0.0.1/8 scope host lo 
2: eth0: <BROUDCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
  inet 172.25.11.109/24 brd 172.25.11.255 scope global eth0 <---Primary IP 
  inet 172.25.11.100/24 brd 172.25.11.255 scope global secondary eth0:0 <---Secondary GUI IP Address

Now it is time to login to the web UI.

Get inside CentOS using the password
Open Firefox application
Use https://172.25.11.100 to open Junos Space
- Username: super
- Password: juniper123
Change Temporary Password

Now going to install Security-Director-19.4R1.53.img file.

Security Director

Testing ping in MacBook Pro Terminal

murgescusilvia@Murgescus-MacBook-Pro ~ % ping centos
PING centos.silvique.ro (10.1.1.50): 56 data bytes
64 bytes from 10.1.1.50: icmp_seq=0 ttl=64 time=0.832 ms
64 bytes from 10.1.1.50: icmp_seq=1 ttl=64 time=1.320 ms
64 bytes from 10.1.1.50: icmp_seq=2 ttl=64 time=0.684 ms
c64 bytes from 10.1.1.50: icmp_seq=3 ttl=64 time=0.705 ms
64 bytes from 10.1.1.50: icmp_seq=4 ttl=64 time=0.461 ms
^C
--- centos.silvique.ro ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.461/0.800/1.320/0.286 ms
murgescusilvia@Murgescus-MacBook-Pro ~ %

-> Copy the file Security-Director-19.4R1.53.img from MacBook Pro to CentOS using Terminal from MacBook PRO

Not possible to use user name Silvia to update Security-Director-19.4R1.53.img file to CentOS:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp -r /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img Silvia@10.1.1.50:~/
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Permission denied, please try again.
Silvia@10.1.1.50's password: 
Silvia@10.1.1.50: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
lost connection
murgescusilvia@Murgescus-MacBook-Pro ~ %

Observation: Maybe it was a mistake using Silvia when I should use silvia.

But is possible to do the same and replace Silvia with root:

murgescusilvia@Murgescus-MacBook-Pro ~ % scp /Users/murgescusilvia/Downloads/Security-Director-19.4R1.53.img root@10.1.1.50:/
root@10.1.1.50's password: 
Security-Director-19.4R1.53.img                                   37%  523MB  24.5MB/s   00:35 ETA

-> Enter in CentOS
-> Open Terminal application and use cd .. command many times which goes to the top folder
-> From user silvia go to root with command su root

[silvia@CentOS /]$ su root
Password:

[root@CenrOS /]#

-> Copy the Security-Director-19.4R1.53.img file to /home/silvia/Download directory

[root@CenrOS /]# sudo cp Security-Director-19.4R1.53.img /home/silvia/Downloads/Security-Director-19.4R1.53.img

-> Remove file from root

[root@CenrOS /]# sudo rm Security-Director-19.4R1.53.img
[root@CenrOS /]# ls

Ready to use jSpace to deploy the security director.

Inside CentOS open Firefox than jSpace using the web IP like https://172.25.11.100
Web user is super and the configured password
Go to Adminitration -> Applications -> + button meaning Add Application
Select Upload via HTTP and upload the Security-Director-19.4R1.53.img
Please click on Job ID to new details > OK
Once it appears, click install then OK
Application Management Job Information: Please logout and log in again after the installation of new application completed successfully. Click on Job ID to new details. > OK
It will take a while for the application to be installed. I exit and I will not enter again. Now I take a break to be sure it will be installed after mine break.
When it is finished you will see other new applications
- Application Visibility – new
  - Version 19.4,
  - Release R1,
  - Build 53,
  - Server Group Platform
- Log Director – new
  - Version 19.4,
  - Release R1,
  - Build 53,
  - Server Group Platform
- Network Management Platform – exited already
  - Version 19.4,
  - Release R1,
  - Build 3,
  - Server Group Platform
- NSM Migration
  - Version 19.4,
  - Release R1,
  - Build 53,
  - Server Group Platform
- Security Director – new
  - Version 19.4,
  - Release R1,
  - Build 53,
  - Server Group Platform
- Security Director Login and Reporting – new
  - Version 19.4,
  - Release R1,
  - Build 53,
  - Server Group Platform
In Administation > Licenses
- License Type Tryal
- Sku Mode Trial-license
- Total License Days 60
- Remaining Days 60

And here we are! We have installed both space platform and security director. Last but not least I need to recap usernames we have configured so far to avoid any confusion.

1) admin user: We set this for the Linux shell and default password during the installation is abc123
2) maintenance user: we also set password for this but it is used for special operations. No default password for this. It must be set.
3) super user: this user is used for WEB UI and initial default password is juniper123

2020.05.2 – Connecting EVE Lab to a physical device

Posted on May 2, 2020 by SILVIQUE

Some help ideas are in EVE professional Cookbook.

A virtual lab that include CentOS is configured in EVE-PRO. The EVE-PRO is configure in VMWare Fusion. VMware Fusion is in MacBook PRO. The idea is to connect virtual CentOS to internet.

Open VMware Fusion > Click on EVE-PRO virtual machine > Click on Settings…

Create, or select if already created, 3 Network Adapter:

Network Adapter > Connect to vSphere network
Network Adapter 2 > Connect to vSphere network
Network Adapter 3 > Connect to vSphere network

Into EVE-PRO lab create a new Network type Cloud1 and connect to CentOS. Do not forget to configure the correct IP in CentOS. Details of how I done it are here: 2020.04.30 – CentOS installation into EVE-NG.

The Internet is working now

I am happy!!!

SSH commands

Posted on April 30, 2020 by SILVIQUE

Some good info: https://hackertarget.com/ssh-examples-tunnels

Move in a directory

root@eve-ng:~# cd ..
root@eve-ng:~# cd /opt/unetlab/addons/qemu

View all existing file

root@eve-ng:/opt/unetlab/addons/qemu# ls
root@eve-ng:/opt/unetlab/addons/qemu# ls nextExisting_File_Name

Create a new directory

root@eve-ng:/opt/unetlab/addons/qemu# mkdir newDirName

Rename Directory

root@eve-ng:/opt/unetlab/addons/qemu# mv oldDirName NewDirName

Rename Files:

root@eve-ng:/opt/unetlab/addons/qemu# mv oldFileName newFileName

Create qcow2 file

root@eve-ng:/opt/unetlab/addons/qemu/NeededFolder# /opt/qemu/bin/qemu-img create -f qcow2 hda.qcow2 30G (use what needed)

Delete files

root@eve-ng:/opt/unetlab/addons/qemu# sudo rm myFile.txt myFile1.txt myFile2.txt
Password: ...

Delete a whole folder and its content

root@eve-ng:/opt/unetlab/addons/qemu# sudo rm -rf foldername/
Password: ...

Problem and solution

Problem when using ssh

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh silvia@ip-address  

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 

The ECDSA host key for us01 has changed, and the key for the corresponding IP address ip-address is unchanged. 
This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time. 
Offending key for IP in /Users/murgescusilvia/.ssh/known_hosts:20 

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. 

The fingerprint for the ECDSA key sent by the remote host is SHA256:5b11LsICh7VVaHkfY/HiLh6IThcZYjkkDD7Pt6dixJw. 

Please contact your system administrator. Add correct host key in /Users/murgescusilvia/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /Users/murgescusilvia/.ssh/known_hosts:19 ECDSA host key for ip-address has changed and you have requested strict checking. 

Host key verification failed.

Solution to solve this problem:

murgescusilvia@Murgescus-MacBook-Pro ~ % ssh-keygen -R ip-address 

# Host ip-address found: line 19 /Users/murgescusilvia/.ssh/known_hosts updated. 
Original contents retained as /Users/murgescusilvia/.ssh/known_hosts.old

I will add a command every time I search and use something.

2020.04.30 – CentOS installation into EVE-NG

Posted on April 30, 2020 by SILVIQUE

All used information to install I found here:

Using things:

EVE-PRO meaning with license
CentOS CentOS-8.1.1911-x86_64-dvd1.iso

Step 1. Download CentOS – donloaded from Download CentOS version Linux DVD ISO

See 2. Go into EVE-PRO and move into qemu directory

root@eve-ng:~# cd /opt/unetlab/addons/qemu

Step 3. Create a new directory and move inside it

root@eve-ng:/opt/unetlab/addons/qemu# mkdir linux-centeros-8
root@eve-ng:/opt/unetlab/addons/qemu# cd linux-centeros-8
root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8#

Step 4. Upload CentOS-8.1.1911-x86_64-dvd1.iso in EVE-PRO using FilaFilla application

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# ls
CentOS-8.1.1911-x86_64-dvd1.iso

Step 6. Create qcow2 file

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# /opt/qemu/bin/qemu-img create -f qcow2 hda.qcow2 40G
Formatting 'hda.qcow2', fmt=qcow2 size=42949672960 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# 

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# ls
CentOS-8.1.1911-x86_64-dvd1.iso  hda.qcow2
root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8#

Step 6. Rename CentOS-8.1.1911-x86_64-dvd1.iso file

oot@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# mv CentOS-8.1.1911-x86_64-dvd1.iso cdrom.iso

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# ls
cdrom.iso  hda.qcow2

Step 7. Login to EVE-PRO then Add new lab end add CentOS node

CentOS need to have

Name: CentOS
CPU: 2
RAM (MB): 4096
Ethernets: 2
QEMU Version : 2.4
QEMU arch: tpl (x86_64)
QEMU Nic: e1000-

Click SAVE

Add a switch and configure it as Type: Management (Cloud0) and click Save

Connect

Step 8. Now ready to start CentOS

Do not click anything, just wait …

Step 9. Go throw installation process

English and Continue

Verify and configure different things…

Keuboard: English

Software: Server with GUI

Installation Destination: ATA QENU HARDDISK

After finishing click Begin Installation

During installation you need to insert toot password and user name and password

Root Pasword

User Name and Password. Also select Make this user admin

Wait to finish installation

Step 10. Restating CentOS

Before restarting CentOS you need to modify the name if application needed to install

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# mv cdrom.iso centos-install.iso

I do not like restart. I click restart, then power-off and them power-on or Start

Step 11. Go throw internal installation process.

Click License Information

I accept the license agreement.

Click Finish configuration

English and Next

English (US) and Next

Privacy OFF and Next

Connect Your Online: Skip

Finish to install internal

Step 12. Networks

Select Wired Settings

I don’t have Automatic Ethernet on these network, si I have to configure it manually

Open Terminal

Use ifconfig command

I will do not this now ….

Step 13. Save the configured CentOS for all new EVE-PRO lab

Into EVE-PRO open Lab Details

Use SSH

root@eve-ng:/opt/unetlab/tmp/0/085884f1-7807-492d-814f-7b588fd1892c/1# ls
cdrom.iso  hda.qcow2  l1down_1  l1up_0  mon-sock  mon2-sock  qmp-sock  wrapper.txt

root@eve-ng:/opt/unetlab/tmp/0/085884f1-7807-492d-814f-7b588fd1892c/1# /opt/qemu/bin/qemu-img commit hda.qcow2


Image committed.

Here is tha same

root@eve-ng:/opt/unetlab/tmp/0/085884f1-7807-492d-814f-7b588fd1892c/1# ls
cdrom.iso  hda.qcow2  l1down_1  l1up_0  mon-sock  mon2-sock  qmp-sock  wrapper.txt

A needed command to make it work as configured

root@eve-ng:/opt/unetlab/addons/qemu/linux-centeros-8# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions


May 01 07:09:28 May 01 07:09:28 Online Check state: Valid

All done. CentOS is ready to go. We will now add a couple of nodes to confirm that CentOS is working.

Step 14. Verify that CentOS is working

Add a total of three CentOS

Power-on all

All 3 can power-on …

Step 14. Configure and Mange Network Connection using nmcli

The needed information I find here: How to configure and Manage Network Connections using nmcli. I use The nmcli connection sub-command chapter.

View connection profiles

# nmcli connection show 
NAME UUID TYPE DEVICE 
virbr0 bbe539aa-7042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet virbr0
virbr0-nic bbe539aa-8042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet virbr0-nic
ens3 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --
ens4 bbe539aa-6042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --

The nmcli connection add Command

$ nmcli connection add con-name new-ens3 ifname ens3 type ethernet ip4 192.168.1.25/24 gw4 192.168.2.1 
Connection 'new-ens3' (f0c23472-1aec-4e84-8f1b-be8a2ecbeade) successfully added.

$ nmcli connection add con-name new-ens4 ifname ens4 type ethernet ip4 172.25.11.254/24 gw4 172.25.11.254
Connection 'new-ens4' (f0c23472-1aec-5e84-8f1b-be8a2ecbeade) successfully added.

# nmcli connection show
NAME UUID TYPE DEVICE
new-ens3 bbe539aa-9042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet ens3
new-ens4 bbe539aa-1042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet ebs4
virbr0 bbe539aa-7042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet virbr0
virbr0-nic bbe539aa-8042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet virbr0-nic
ens3 bbe539aa-5042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --
ens4 bbe539aa-6042-4d28-a0e6-2a4d4f5dd744 802-3-ethernet --

# ls /etc/sysconfig/network-scripts/ifcfg* 
/etc/sysconfig/network-scripts/ifcfg-ens3 /etc/sysconfig/network-scripts/ifcfg-new-ens3
/etc/sysconfig/network-scripts/ifcfg-ens4 /etc/sysconfig/network-scripts/ifcfg-new-ens4

I can see this but I modify using nmcli command

I hope all detail help me and you in future use.

Silvique Tech Notes

My tech notes, ideas, projects and insights