Project Lightwave is an open source identity and access management platform from VMware. One of the many capabilities offered is authentication of SSH logins, eliminating the need to manage local user accounts on Photon container runtime instances.  This article walks through the basic steps required to enable this feature — please see the quick start guide for instructions on how to set up a Lightwave server and join a client to the domain.

Once configured, it is possible to ssh into Photon using Lightwave directory credentials and even use sudo to run privileged commands:

[Screenshot: SSH into Photon with your Lightwave directory credentials]

Photon Configuration

After the Lightwave components and dependencies are installed, run these commands:

/opt/likewise/bin/domainjoin-cli configure --enable pam
/opt/likewise/bin/domainjoin-cli configure --enable nsswitch
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]' \
   LoadOrder "ActiveDirectory" "VmDir" "Local"
/opt/likewise/bin/lwsm restart lsass
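If the pam or nsswitch step above did not take, logins quietly fall back to local accounts and the domain user simply does not resolve. The following checks are an added example, not part of the original post: they confirm that lsass is listed for passwd and group lookups in nsswitch.conf and that an active auth line loads pam_lsass.so. File paths are parameters so the functions can be run against copies; the default PAM file name (/etc/pam.d/system-auth) is an assumption and varies by distribution.

```shell
#!/bin/sh
# Added example, not part of the original post: verify that the Likewise
# domainjoin-cli steps wired lsass into NSS and PAM. Paths are parameters so
# the checks can run against copies; the default PAM file is an assumption.

# nss_has_lsass FILE: succeed only if both passwd and group lookups consult lsass.
nss_has_lsass() {
    grep -Eq '^[[:space:]]*passwd:.*[[:space:]]lsass([[:space:]]|$)' "$1" &&
    grep -Eq '^[[:space:]]*group:.*[[:space:]]lsass([[:space:]]|$)' "$1"
}

# pam_has_lsass FILE: succeed only if an active "auth" line loads pam_lsass.so
# (commented-out lines do not count).
pam_has_lsass() {
    grep -Eq '^[[:space:]]*auth[[:space:]].*pam_lsass\.so' "$1"
}

# check_lightwave_login [NSSWITCH] [PAMFILE]: report both results, return 1 on any failure.
check_lightwave_login() {
    nss="${1:-/etc/nsswitch.conf}"
    pam="${2:-/etc/pam.d/system-auth}"   # assumed location; adjust for your distro
    rc=0
    if nss_has_lsass "$nss"; then echo "OK   $nss: passwd/group use lsass"
    else echo "FAIL $nss: lsass missing from passwd or group"; rc=1; fi
    if pam_has_lsass "$pam"; then echo "OK   $pam: pam_lsass.so present in auth stack"
    else echo "FAIL $pam: pam_lsass.so not loaded"; rc=1; fi
    return $rc
}

# Run the live system check only when invoked as: sh thisfile.sh --check [NSSWITCH] [PAMFILE]
if [ "${1:-}" = "--check" ]; then
    check_lightwave_login "${2:-}" "${3:-}"
fi
```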

Enable SUDO for the Lightwave Account

This is an optional step.  If you would like the user logging in via Lightwave credentials to be able to run privileged commands, add the account to sudoers by doing the following:

echo 'lightwave.local\\Administrator ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/lightwave-administrator
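The entry above grants one directory account passwordless root. As an added helper (not from the original post), the function below installs the same kind of drop-in but with a file name sudo will actually read, mode 0440, an optional narrower command list in place of NOPASSWD: ALL, and a visudo syntax check before the file is left in place. The target directory is a parameter so it can be exercised outside /etc/sudoers.d.

```shell
#!/bin/sh
# Added example, not part of the original post. Installs a sudoers drop-in for
# a domain account. DIR is a parameter (normally /etc/sudoers.d); SPEC defaults
# to the post's "NOPASSWD: ALL" but can be a restricted command list such as
# "/usr/bin/docker" so the account is not an unrestricted root equivalent.

# sudoers_file_name ACCOUNT: sudo ignores drop-ins whose names contain "." or
# end in "~", so map every character outside [A-Za-z0-9_-] to "_".
sudoers_file_name() {
    printf '%s' "$1" | tr -c 'A-Za-z0-9_-' '_'
}

# install_sudoers_dropin DIR ACCOUNT [SPEC]: write the entry, set mode 0440,
# validate with visudo when it is available, and print the resulting path.
# ACCOUNT is written verbatim, so pass the doubled backslash form used in
# sudoers (e.g. 'lightwave.local\\Administrator').
install_sudoers_dropin() {
    dir="$1"; account="$2"; spec="${3:-NOPASSWD: ALL}"
    target="$dir/$(sudoers_file_name "$account")"
    umask 077
    printf '%s ALL=(ALL) %s\n' "$account" "$spec" > "$target" || return 1
    chmod 0440 "$target"
    if command -v visudo >/dev/null 2>&1; then
        # Syntax-check only this file; remove it rather than leave a broken drop-in.
        visudo -cf "$target" >/dev/null 2>&1 || { rm -f "$target"; return 1; }
    fi
    printf '%s\n' "$target"
}
```

A drop-in that fails the visudo check is deleted and the function returns 1, so a broken file never breaks sudo for every account on the host.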

Use SSH to log in from another system

In order to log into the Photon instance, the Lightwave account must be specified using one of the following variations:

ssh -l administrator@lightwave.local 192.168.237.202
ssh administrator@lightwave.local@192.168.237.202
ssh -l lightwave.local\\administrator 192.168.237.202
ssh lightwave.local\\administrator@192.168.237.202

Run your containers

After logging in, docker containers can be executed as needed:


Project Lightwave has much more to offer, so please stay tuned for more information on technical capabilities and feature demos.  Also be sure to check out the vSphere blog for an overview of Photon and Lightwave.


Last month, VMware held a launch event for Cloud-Native Applications and announced two open source projects in support of this initiative.  Project Photon and Project Lightwave are infrastructure components focused on running and securing apps that leverage Linux containers.

Project Lightwave source code was just released on GitHub, but binary RPMs are also available and quite easy to install on a Photon instance if you would like to take it for a spin.  In this post you will see how to add the Lightwave repositories to Photon and perform the initial configuration for a server and client.

Environment Preparation

You will need to create two Photon VMs.  There are several options, ranging from VMware Fusion with Vagrant to vSphere to public clouds.  Ensure that each VM has a unique name.  If necessary, the hostname of a Photon instance can be changed by editing these files:

/etc/sysconfig/network
/etc/hosts

Update the hostname value stored in /etc/hostname by running:

hostnamectl set-hostname <new name>

Verify by running ‘hostnamectl’ after rebooting.

Configure RPM Repositories

Lightwave binary RPMs are available for download; use the following procedure to enable the repositories on both the server and client Photon instances.  Log in as root or use sudo -i before executing the commands below.

First, if the Photon ISO is not attached, disable its repo to prevent errors during the subsequent steps:

cd /etc/yum.repos.d && sed -i 's/enabled=1/enabled=0/' photon-iso.repo

Note that you will need to edit some files.  This can be done using the ‘nano’ text editor, which is installed by default, or by adding the ‘vim’ package with the following command:

tdnf install vim

Paste the following script into the terminal window to create two new RPM repositories on Photon:

cd /etc/yum.repos.d
cat - <<HERE > lightwave.repo
[lightwave]
name=VMware Lightwave 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/lightwave
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
HERE
cat - <<HERE > photon-extras.repo
[photon-extras]
name=VMware Photon Extras 1.0(x86_64)
baseurl=https://dl.bintray.com/vmware/photon_extras
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
gpgcheck=0
enabled=1
skip_if_unavailable=True
HERE
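Both repo files above set gpgcheck=0, so tdnf installs whatever the baseurl serves without verifying a package signature. The following shell functions are an added example, not from the original post: the first lists every repo section in a set of .repo files that does not enforce gpgcheck=1 (the page's own lightwave section would be reported), and the second flips the flag on a file so the gpgkey path already named there is actually used. They assume the mirror's packages are signed by that key.

```shell
#!/bin/sh
# Added example, not part of the original post: audit yum/tdnf .repo files for
# sections that do not enforce GPG signature checks, and enable the check.

# repos_without_gpgcheck FILE...: print the id of every [section] that lacks
# an exact "gpgcheck=1" line (a missing key counts as unchecked too).
repos_without_gpgcheck() {
    awk '
        function flush() { if (id != "" && !check) print id }
        /^[[:space:]]*\[.*\]/ {
            flush()
            id = $0
            sub(/^[[:space:]]*\[/, "", id)
            sub(/\].*$/, "", id)
            check = 0
            next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*1[[:space:]]*$/ { check = 1 }
        END { flush() }
    ' "$@"
}

# enforce_gpgcheck FILE: rewrite "gpgcheck=0" lines as "gpgcheck=1", going
# through a temporary file so it works with both GNU and BSD sed.
enforce_gpgcheck() {
    sed 's/^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$/gpgcheck=1/' "$1" > "$1.tmp" &&
        mv "$1.tmp" "$1"
}
```

Run repos_without_gpgcheck /etc/yum.repos.d/*.repo after adding repositories; an empty result means every enabled source is signature-checked.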

Run the following command to verify four repositories are enabled:

# tdnf repolist
repo id             repo name                               status
photon-updates      VMware Photon Linux 1.0(x86_64)Updates  enabled
lightwave           VMware Lightwave 1.0(x86_64)            enabled
photon-extras       VMware Photon Extras 1.0(x86_64)        enabled
photon              VMware Photon Linux 1.0(x86_64)         enabled


Install Lightwave Server Components

There are several dependencies needed for Lightwave but the tdnf package manager will take care of installation. The vmware-lightwave-server package is actually a meta-RPM that pulls everything down with a single command.  Packages can also be installed individually if something interferes with the simplified process.

root [ /etc/yum.repos.d ]# tdnf install vmware-lightwave-server
Installing:
 e2fsprogs-devel x86_64 1.42.9-1
 haveged x86_64 1.9.1-1.0
 vmware-ca-client x86_64 6.0.0-0
 boost x86_64 1.56.0-1
 krb5 x86_64 1.12.2-1
 openldap x86_64 2.4.40-1
 cyrus-sasl x86_64 2.1.26-1
 vmware-directory-client x86_64 6.0.0-0
 vmware-afd-client x86_64 6.0.0-0
 likewise-open x86_64 6.2.0-0
 vmware-ic-config x86_64 1.0.0-0
 vmware-directory x86_64 6.0.0-0
 vmware-ca x86_64 6.0.0-0
 vmware-afd x86_64 6.0.0-0
 vmware-lightwave-server x86_64 6.0.0-0


The next step is to promote this first server to become a domain controller:

root [ /etc/yum.repos.d ]# /opt/vmware/bin/ic-promote --domain lightwave.local --password VMware1!
20150519200020:INFO:Setting up system as Infrastructure standalone node
20150519200020:INFO:Starting service [dcerpc]
20150519200020:INFO:Starting service [vmafd]
20150519200021:INFO:Starting service [vmdir]
20150519200024:INFO:Starting service [vmca]
20150519200025:INFO:Setting various configuration values
20150519200025:INFO:Promoting directory service to be domain controller
20150519200025:INFO:Setting up the logical deployment unit
20150519200025:INFO:Setting up VMware Certificate Authority
20150519200025:INFO:Adding VMCA's root certificate to VMware endpoint certificate store
20150519200025:INFO:Generating Machine SSL cert
20150519200025:INFO:Setting Machine SSL certificate
20150519200025:INFO:Publishing Machine SSL certificate for directory service
20150519200025:INFO:Restarting service [vmdir]
Domain Controller setup was successful

Ensure the process is successful as shown above.


Install Lightwave Client Components and Join Domain

The client components are also covered by a single meta-RPM called vmware-lightwave-clients.  Jump over to the client Photon instance and execute the following command:

root [ /etc/yum.repos.d ]# tdnf install vmware-lightwave-clients
Installing:
 e2fsprogs-devel x86_64 1.42.9-1
 haveged x86_64 1.9.1-1.0
 boost x86_64 1.56.0-1
 krb5 x86_64 1.12.2-1
 openldap x86_64 2.4.40-1
 cyrus-sasl x86_64 2.1.26-1
 vmware-afd-client x86_64 6.0.0-0
 likewise-open x86_64 6.2.0-0
 vmware-ic-config x86_64 1.0.0-0
 vmware-directory-client x86_64 6.0.0-0
 vmware-ca-client x86_64 6.0.0-0
 vmware-afd x86_64 6.0.0-0
 vmware-lightwave-clients x86_64 6.0.0-0

After installing the packages, one last step is needed to join the domain created in the previous step:

# /opt/vmware/bin/ic-join --domain-controller 192.168.237.198 --domain lightwave.local
Password (administrator@lightwave.local):
20150519201521:INFO:Setting up system as client to Infrastructure node at [192.168.237.198]
20150519201521:INFO:Validating credentials to partner [192.168.237.198] at domain [lightwave.local]
20150519201521:INFO:Starting service [dcerpc]
20150519201521:INFO:Starting service [vmafd]
20150519201521:INFO:Setting various configuration values
20150519201521:INFO:Joining system to directory service at [192.168.237.198]
20150519201521:INFO:Get root certificate from VMware Certificate Authority
20150519201521:INFO:Adding VMCA's root certificate to VMware endpoint certificate store
20150519201521:INFO:Generating Machine SSL cert
20150519201521:INFO:Setting Machine SSL certificate
Domain Join was successful


Next Steps

It’s easy enough to stand up a prototype Lightwave domain, but there are many more capabilities beyond this simple deployment, such as adding additional servers to the domain in order to enable multi-master replication.

Up next we will walk through enabling SSH authentication to log into the client using domain credentials.  Stay tuned.


OpenStack is an incredibly popular technology these days, but contrary to popular belief it is not an alternative to VMware, nor is it the final solution to avoiding vendor lock-in — even if that may have been one of the early, albeit misguided, goals.  In fact, VMware is one of the top contributors to this open source project and the real appeal of OpenStack is the API that allows developers to build the type of modern, scale-out apps that have become popular on Amazon Web Services.

Since OpenStack is fundamentally an API for consuming cloud computing resources, the real question facing datacenter architects today is: what resources should be made available for consumption?  Thanks to efforts from VMware, along with other contributors, support for vSphere has substantially matured and is now a strong alternative to KVM, which was popular initially due to the open source nature of this project.

According to a recently-published performance study, an OpenStack infrastructure based on VMware technology is faster and less expensive than an equivalent stack built from Red Hat products, concluding:

  • VMware VSAN delivers 159% more IOPS than Red Hat Storage Server (GlusterFS)
  • A 16-node Cassandra NoSQL database performs 53% better on vSphere than on Red Hat KVM
  • The total cost of infrastructure hardware and software is 26% lower on VMware than on Red Hat

Thanks to the vSphere/VSAN hyper-converged infrastructure, there is no need to build dedicated clusters of shared storage like there is with GlusterFS.  Instead, shared storage functionality is provided by pooling disks and SSDs that are directly attached to hypervisor hosts.  This offers capacity and performance for a range of applications as well as flexible redundancy options — administrators can configure policies to accommodate one or more replicas of critical data across the cluster or even opt for no replication on non-essential workloads.

In addition to better performance at a lower cost, VMware also delivers a platform that is suitable for all workloads — not just design-for-fail cloud applications.  Applications running on a vSphere cluster benefit from VMware HA and DRS, reducing downtime and increasing performance as VMs are balanced according to shifting resource demands.  Don’t forget that the purpose-built ESXi hypervisor also has much broader guest operating system support and a smaller attack surface that translates into reduced host downtime for patching and maintenance.

Now you can give your developers the agile cloud API offered by OpenStack with the trusted reliability and proven performance of vSphere — the best virtual infrastructure for any application.


VMware Virtual SAN (VSAN) is now generally available, and the delivery is via VMware ESXi 5.5 Update 1.  For those using a Linux PXE boot server to install ESXi hosts, below is a quick shell script that takes care of everything automatically.

Usage example (all one line):

# esxiso2pxe /var/install/tftpboot/ esxi55u1 VMware-VMvisor-Installer-5.5.0.update01-1623387.x86_64.iso

In order to use the optional ESXi submenu concept, simply add the following to pxelinux.cfg/default

LABEL esxisub
   KERNEL menu.c32
   APPEND esxi-submenu
   MENU LABEL Jump to ESXi submenu


SolarWinds just published a compelling survey that shows how technology pros from a range of organizations throughout North America view the changing role of IT.  Not surprisingly, the most impactful technology advancement from the recent past is virtualization.  Moving forward, emerging technologies expected to disrupt IT the most have to do with Bring Your Own Device (BYOD or BYOx) and mobility.  The top critical investments for business in the future will be cloud computing and mobility.

In other news, this morning VMware announced the intended acquisition of AirWatch – the leader in enterprise mobile device management.  What a coincidence!

Or, as Barb Darrow from GigaOm put it:

One way to prove you’re really into the mobile enterprise is to spend over a billion on a mobile device management company.

IT pros with expertise in VMware products appear to be very well poised for the future.
