Monday 23 January 2012

CentOS 6.2 graphical installation adds a few extra packages

Today I discovered that the minimal installation of CentOS 6.2 installs a few extra packages if it's done in graphical mode. The graphical installation adds the package matahari, which also adds another 32 dependencies.

If you want to delete all these packages and services, run the following command. yum lists everything it is about to remove, including any other installed packages that depend on these, and asks for confirmation, so review that list before accepting:

yum erase matahari-lib matahari-agent-lib matahari-broker matahari-host matahari-service matahari-sysconfig matahari-network matahari qpid-cpp-client qpid-cpp-client-ssl qpid-cpp-server-ssl qpid-cpp-server sigar polkit dbus qpid-qmf boost ConsoleKit eggdbus boost-filesystem boost-program-options boost-graph boost-date-time boost-serialization boost-test boost-thread boost-regex boost-wave boost-signals boost-iostreams boost-python ConsoleKit-libs libicu

Remember that this only applies to CentOS 6.2.

VMware vCenter minimum permissions to deploy a VM

These are the minimum permissions that a user / group needs in order to:
  • Deploy a VM from a template using VMware vCenter 5.
  • Interact with the VM, without being able to change its configuration.
  • Delete those VMs.
To do this, we need to create 3 different roles in vSphere: one to allow the user to see the folder with the templates and VMs, another to allow it to deploy and delete VMs on that host, and a last one to allow the user to interact with the VM.

1. First create a user or group that requires these permissions in Windows (vCenter uses local Windows or AD users).
2. Then log in to vCenter as an administrator.
3. From the top navigation bar, go to Home -> Roles.
4. Right click on the Roles column and click Add...
5. Create a role called Browse Datastore and set the following privileges:
  • Datastore
    • Allocate Space
    • Browse Datastore
    • Remove File

6. Create a role called Deploy and set the following privileges:
  • Host
    • Local operations
      • Create virtual machine
      • Delete virtual machine
  • Resource
    • Assign virtual machine to resource pool
    • Modify resource pool

7. Create a third role, in this case we'll call it VMUser, and set the following privileges:
  • Global
    • Cancel Task
  • Host
    • Local operations
      • Create virtual machine
      • Delete virtual machine
  • Scheduled Task (check all)
  • Virtual Machine
    • Interaction
      • Answer question
      • Configure CD media
      • Configure floppy media
      • Console interaction
      • Device connection
      • Power off
      • Power on
      • Reset
      • Suspend
      • VMware Tools install
    • Inventory
      • Create from existing
      • Remove
    • Provisioning
      • Deploy template
    • State (check all)

8. To allow the user / group to connect to vSphere and see the VMs, go to Home > Inventory > Datastores and select the datastore where the VMs will be stored.

9. On the Permissions tab, right click and select Add Permission... Add the user / group and select the role Browse Datastore from the dropdown. Then click OK.

10. To allow the users to deploy VMs, go to Home > Inventory > Hosts and Clusters and select the host or cluster where the user will be allowed to deploy VMs.

11. On the Permissions tab, right click and select Add Permission... Add the user / group and select the role Deploy from the dropdown. Then click OK.

12. To allow users to interact with the VMs, go to Home > Inventory > VMs and Templates and select a folder that contains the templates the user / group wants to deploy.

13. On the Permissions tab, right click and select Add Permission... Add the user / group and select the role VMUser from the dropdown. Then click OK.

Try this configuration by opening a new vSphere Client and logging in as the new user. The vSphere Client should only show the VMs and templates in the folder that was selected in step 12 and allow a minimal number of operations on both VMs and templates.

To further secure this, it is good to allow the users to deploy VMs only to a resource pool that is memory and CPU constrained.
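
The role creation and permission assignments from steps 4 to 13, scripted as an added PowerCLI example that is not part of the original post. It assumes VMware PowerCLI with an administrator session already opened by Connect-VIServer; the principal, datastore, cluster and folder names are placeholders, and the privilege IDs are the API identifiers behind the labels listed above.

```powershell
# Added example, not from the original post. Assumes VMware PowerCLI and an
# administrator session opened with Connect-VIServer. Names are placeholders.
$principal = 'EXAMPLE\vm-deployers'   # user or group created in step 1
$datastore = 'datastore1'             # datastore where the VMs will be stored
$cluster   = 'Cluster01'              # cluster the users may deploy to
$folder    = 'Templates'              # folder holding the templates and VMs

# Privilege IDs for the labels in steps 5-7; a trailing * means "check all".
$roles = @{
    'Browse Datastore' = @(
        'Datastore.AllocateSpace', 'Datastore.Browse', 'Datastore.DeleteFile')
    'Deploy' = @(
        'Host.Local.CreateVM', 'Host.Local.DeleteVM',
        'Resource.AssignVMToPool', 'Resource.EditPool')
    'VMUser' = @(
        'Global.CancelTask', 'Host.Local.CreateVM', 'Host.Local.DeleteVM',
        'ScheduledTask.*', 'VirtualMachine.State.*',
        'VirtualMachine.Interact.AnswerQuestion', 'VirtualMachine.Interact.SetCDMedia',
        'VirtualMachine.Interact.SetFloppyMedia', 'VirtualMachine.Interact.ConsoleInteract',
        'VirtualMachine.Interact.DeviceConnection', 'VirtualMachine.Interact.ToolsInstall',
        'VirtualMachine.Interact.PowerOff', 'VirtualMachine.Interact.PowerOn',
        'VirtualMachine.Interact.Reset', 'VirtualMachine.Interact.Suspend',
        'VirtualMachine.Inventory.CreateFromExisting', 'VirtualMachine.Inventory.Delete',
        'VirtualMachine.Provisioning.DeployTemplate')
}

$all = Get-VIPrivilege -PrivilegeItem
foreach ($name in $roles.Keys) {
    $privileges = foreach ($pattern in $roles[$name]) {
        $found = @($all | Where-Object { $_.Id -like $pattern })
        # Stop rather than create a role that silently lacks a privilege.
        if ($found.Count -eq 0) { throw "No privilege matches '$pattern'" }
        $found
    }
    New-VIRole -Name $name -Privilege $privileges | Out-Null
}

# Steps 8-13: bind each role to the object it applies to.
# For a single host instead of a cluster, use Get-VMHost in the second entry.
$grants = @(
    @{ Entity = (Get-Datastore -Name $datastore);    Role = 'Browse Datastore' }
    @{ Entity = (Get-Cluster -Name $cluster);        Role = 'Deploy' }
    @{ Entity = (Get-Folder -Name $folder -Type VM); Role = 'VMUser' }
)
foreach ($g in $grants) {
    New-VIPermission -Entity $g.Entity -Principal $principal `
        -Role (Get-VIRole -Name $g.Role) | Out-Null
}
# Review what the principal ended up with on each object.
Get-VIPermission -Principal $principal | Select-Object Entity, Role, Propagate
```

The final listing should show exactly three entries for the principal, one per role; anything else means the account inherits permissions from somewhere other than these grants.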

Wednesday 11 January 2012

The power of the personal wiki

In the last few days, I've been implementing a bit of the Getting Things Done process (or workflow) in order to be a bit more in control of everything that is going on in my life.

One of the things I've done is to create a personal wiki to use as a digital reference system and I've found that I'm adding so much information that I keep looking up on the internet over and over again. The benefit is that I don't need to rely on Google anymore and I can organize the information in whatever way I want.

Why is this important? Many times I've spent something between a few hours and a couple of days researching something (e.g. how to install certain software on the DLink DNS323), just to forget everything about that a few weeks later. This is not really a problem, until a few months later, whatever I did stops working and I need to remember (aka google furiously) what I did in order to revert it or fix it.

Here's where the personal wiki pays off as lots of the notes, links and sample scripts can be there as a reminder of what we've learned.

Of course there are lower tech solutions to this (e.g. use Google Docs or plain text files), but I like the wiki approach as it also allows me to easily link, relate and search content.