revlis.nl

July 25, 2014 — 8:53

Author: silver Category: virtualization Comments: Off

Update 2022

Of course most of this is outdated by now and instead of Perl we now have PowerCLI (and govc) and open-vm-tools has replaced vmware-tools :)

VM – sysctl

Memory related optimalisation:

vm.swappiness = 10 vm.dirty_ratio = 60 vm.dirty_background_ratio = 2 vm.overcommit_ratio = 0 vm.overcommit_memory = 0 kernel.shmmax = 268435456 kernel.shmall = 268435456 vm.min_free_kbytes = 65536

Reboot a minute after a kernel panic:

kernel.panic = 60 kernel.panic_on_oops = 60

Disable IPv6:

net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1

VM – install vmware-tools

Debian:
sudo mount /dev/sr0 /media/cdrom; tar zxf /media/cdrom/*.tar.gz -C /tmp; sudo /tmp/vmware-tools-distrib/vmware-install.pl -d<br />

RedHat:
sudo mount /dev/sr0 /mnt/cdrom; tar zxf /mnt/cdrom/*.tar.gz -C /tmp; sudo /tmp/vmware-tools-distrib/vmware-install.pl -d<br />

VM – rescan/resize disk without reboot

echo "- - -" > /sys/class/scsi_host/host#/scan /usr/share/doc/sg3-utils/examples/archive/rescan-scsi-bus.sh /sys/class/scsi_disk ls cd 0:0:0:0 echo '1' > device/rescan xfs_growfs /dev/sdb

Settings vmx

bios.bootDelay = "5000" suspend.disabled = "TRUE"

Using vim-cmd

~~http://blogs.balius.com/2010/12/24/esxi-creating-new-virtual-machines-servers-from-the-command-line/~~

vim-cmd vmsvc/getallvms vim-cmd vmsvc/device.diskremove 272 0 1 n vim-cmd solo/registervm /vmfs/volumes/vm01/vm01.vmx vm01 vnum=$(vim-cmd solo/registervm /vmfs/volumes/datastore1/$1/$1.vmx) vim-cmd vmsvc/power.on $vnum vim-cmd vmsvc/power.off $(vim-cmd vmsvc/getallvms |grep $1|awk '{print $1}') vim-cmd vmsvc/destroy $(vim-cmd vmsvc/getallvms |grep $1|awk '{print $1}')

vSphere SDK for Perl

Installation:

Download VMware vSphere Perl SDK
Linux: installer uses CPAN
Windows: ActivePerl is not included in 6.5 anymore so it needs to be installed first (Strawberry Perl is also supposed to work), installer uses PPM for packages

Options for authentication (besides user/password):

Config file: --config
Environment Variables: VI_USERNAME VI_PASSWORD
Credential store: VICredStore.pm
Session file: --sessionfile
Windows SSPI: --passthroughauth

http://pubs.vmware.com/vsphere-65/topic/com.vmware.perlsdk.pg.doc/viperl_proggd_preface.2.1.html
http://pubs.vmware.com/vsphere-65/topic/com.vmware.ICbase/PDF/vsphere-perl-sdk-65-programming-guide.pdf

Hardening script:

Original script: vmwarevSphereSecurityHardeningReportCheck.pl
vSphere 6.x update: vmwarevSphereSecurityHardeningReportCheck.pl

http://communities.vmware.com/docs/DOC-9852
http://www.vmware.com/security/hardening-guides.html