Servers

Change IDE to VirtIO Disk in KVM

Posted on by Andy

I want to show you how to change an IDE disk to a VirtIO disk in an already done guest. In my example it is a FreeBSD 10.3 guest:

First open your guest's /etc/fstab and change: 

all /dev/ada0pX to /dev/vtbd0pX (FreeBSD only)
all /dev/sdaX to /dev/vdaX (Linux only)

Now shutdown the guest and connect to your KVM host's shell. Then type: 

# virsh edit <SERVER_DOMAIN>

find following line: 

<disk type='file' device='disk'>
    ...
    <target dev='hda' bus='ide'/>
    ...
</disk>

and change it to 

<target dev='vda' bus='virtio'/>

also remove all occurance of "<address type=…" within the same disk section. On save KVM will regenerate the line for you. Note that this part is needed for correct disk values wihtin the guest!

Now restart your guest and everything should be running. 

# virsh start >SERVER_DOMAIN>

PLEASE NOTE: This method has worked for me on any Linux/FreeBSD guest but apparently there were some windows installations were this method broke the MBR, so please do a backup first!

VMware vSphere 5.x client and Windows XP/Server 2003

Posted on by Andy

When installed on a Windows XP or Windows Server 2003 host machine, the vSphere Client and vSphere PowerCLI may fail to connect to vCenter Server 5.0, 5.1 and 5.5 due to a Handshake failure. vSphere 5.0, 5.1 and 5.5 uses the Open SSL library, which, for security, is configured by default to accept only connections that use strong cipher suites. On Windows XP or Windows Server 2003, the vSphere Client and vSphere PowerCLI do not use strong cipher suites to connect with vCenter Server.

Here is the fix:

  1. Connect to the host via SSH
  2. Navigate to the directory:

    /etc/vmware/rhttpproxy/
  3. Backup the config.xml file. Do not skip this step.
  4. Open config.xml file using vi editor
  5. Add the <cipherList>ALL</cipherList> parameter between the <ssl>…</ssl> section of the configuration file. Use the model below as an example: 

    <config>
...
<vmacore>
...
<ssl>
<doVersionCheck> false </doVersionCheck>
<useCompression>true</useCompression>
<libraryPath>/lib/</libraryPath>
<cipherList>ALL</cipherList> # <-- TO BE ADDED
</ssl>
...
</vmacore>
...
</config>
  6. Save and close the config.xml file
  7. Reset the rhttpproxy service for the change to take effect by running the command:

    /etc/init.d/rhttpproxy restart

Allow root login only for specific network range on FreeBSD

Posted on by Andy

On FreeBSD the SSHd root login is disabled by default. Now to allow root login only for a specific network range or network host add the following to /etc/ssh/sshd_config: 

Match Address 192.168.0.*, 172.16.0.1, 172.16.0.2, 172.16.*.*
        PermitRootLogin yes

the addresses are separated by commas and i guess the asterisk is self-explaining if you are into computing 😛