Top
Cloud Infrastructure Management SoftwareV1.2.0 User's Guide
Appendix I Registering and Deregistering Managed Servers > I.1 Registering VM Hosts > I.1.1 Setting up Resource Information Collection from the VM Host
PreviousNext

I.1.1 Setting up Resource Information Collection from the VM Host

Resource information collection must be set up for the VM host on a Managed Server. A VM host is a server virtualization software product that runs on a server in order to operate virtual machines. An example of a VM host is VMware ESX for VMware.

The setup procedure varies depending on which virtualization software is used. Perform the setup procedure by referring to the article on the virtualization software being used.

For VMware

  1. Use the VMware vSphere Client to log in directly to the managed Vmware ESX. For the IP address / Name field, enter the host name or IP address for VMware ESX. Enter root for User name and the password for the root account for Password, and then click the <Login> button.

  2. If a [Security Warning] window regarding certificates appears, click the <Ignore> button.

  3. In the [VMware vSphere Client] window, select the [Users and Groups] tab (for Version 4.1 of VMware this will be Local Users and Groups), and then click <Users>.

  4. Right-click on the user table and then select Add.

  5. In the [Add New User] dialog box, enter "sqcsqc001" (the default value) for Login, User Name and Password. Then, select the [Grant shell access to this user] checkbox, and click the <OK> button.

    The user "sqcsqc001" will be added to the user table.

    Point

    For Version 4.1 of VMware, access permissions for using ssh must be set up for the "sqcsqc001" user that was added above. Use the following procedure to set up access permissions.

    1. Use the VMware vSphere Client to change the settings for the SSH server to automatic execution.

      1. Select the [Configuration] tab of the VMware vSphere Client.

      2. Select [Software] and then [Security Profile] on the left-hand side of the window.

      3. Click [Properties] at the top right-hand corner of the window.

      4. The [Firewall Properties] dialog box will open, so select the SSH Server row and then select the checkbox to the left of SSH Server.

      5. With the SSH Server row selected, click the <Options> button at the bottom right of the dialog box.

      6. The SSH server (sshd) option dialog box will open, so select Start automatically when a port opens and stop when all ports close in Activation policy. Start the service by clicking Start at Service command. If the service has already started, Start is grayed out, but this is not a problem and you can continue the operation.

      7. Click the <OK> button to close the SSH server (sshd) option dialog box and the [Firewall Properties] dialog box.

    2. Log in to VMware ESX with the root account.

    3. Open the "/etc/pam.d/sshd" file and add the following entry to the last line.

      account    required     pam_access.so

    4. Open the "/etc/security/access.conf" file and add the following line.

      +:<Name of the user that has been added>:<IP address of the Admin Server>.

      Note

      • If an "-:ALL:ALL" line already exists, be sure to add the new line before the "-:ALL:ALL" line. If the new lines are added after the "-:ALL:ALL" line, the settings will not take effect.

      • Be sure to add a period (".") after the IP address.

      (Example of the file before the changes)
+:root:ALL
+:vpxuser:ALL
+:vslauser:ALL
-:ALL:ALL

(Example of the file after the changes: The underlined section has been added)
Note: When the added user is sqcsqc001, and the IP address of the Admin Server is 192.168.1.142
+:root:ALL
+:vpxuser:ALL
+:vslauser:ALL
+:sqcsqc001:192.168.1.142.
      -:ALL:ALL

  6. Log in to VMware ESX (mentioned above) with the root account.

  7. Execute the visudo command to edit the sudoers file.

    Add the following line to the end of the sudoers file, and then save the file. In the following example, the connection account is "sqcsqc001" (the default value). Change the value to match the actual connection account.

    [Setting example]

    sqcsqc001 ALL=(ALL) NOPASSWD: /usr/bin/esxtop
sqcsqc001 ALL=(ALL) NOPASSWD: /usr/sbin/esxcfg-vmhbadevs
sqcsqc001 ALL=(ALL) NOPASSWD: /usr/sbin/vdf
sqcsqc001 ALL=(ALL) NOPASSWD: /usr/sbin/esxcfg-nics
sqcsqc001 ALL=(ALL) NOPASSWD: /usr/sbin/esxcfg-vswitch
sqcsqc001 ALL=(ALL) NOPASSWD: /bin/egrep
sqcsqc001 ALL=(ALL) NOPASSWD: /usr/sbin/esxcfg-scsidevs

    Information

    If the environment allows you to log in to Managed Servers from the Admin Server, you can check whether the sudoers file has been edited correctly by logging in to the Managed Server with the connection account (e.g. "sqcsqc001") from the Admin Server and executing the "sudo -l" command. If the following window is displayed, the sudoers file has been edited correctly.

    [Execution result example]

    $ sudo -l
User sqcsqc001 may run the following commands on this host:
(ALL) NOPASSWD: /usr/bin/esxtop
(ALL) NOPASSWD: /usr/sbin/esxcfg-vmhbadevs
(ALL) NOPASSWD: /usr/sbin/vdf
(ALL) NOPASSWD: /usr/sbin/esxcfg-nics
(ALL) NOPASSWD: /usr/sbin/esxcfg-vswitch
(ALL) NOPASSWD: /bin/egrep
(ALL) NOPASSWD: /usr/sbin/esxcfg-scsidevs

For Hyper-V

With this version, information cannot be collected from Hyper-V.


PreviousNext
Copyright 2011 FUJITSU LIMITED