Visu@lSt@tion's Notepad – Notepad, Code, Information, …

OPNsense, filtrage basé sur la géolocalisation.

Qui n’a jamais été victime d’un scan de son firewall/parefeu à la recherche d’un accès ssh ?

Dans mon cas, je dois impérativement passer par le port standard(22) pour me connecter, sinon, les firewalls des firmes pour lesquelles je travaille ne me laissent pas passer.

Dés lors, les “scans” pleuvent de partout:

Asie
Russie
Allemagne (souvent en provenance de machines mal configurées chez Hetzner(par exemple)).
Afrique

A fin de limiter la taille de mes logs,

sur mon petit APU 2C4, j’ai installé OPNsense (un firewall/parefeu open source et gratuit, developpé par la société Deciso B.V.), et j’ai mis en place le filtrage par “GeoIP”.

Ainsi,

En créant un alias avec comme type “GeoIP”, on peut selectionner les zones que l’on accepte basé sur une liste “communautaire”. Il peut y avoir des erreurs, mais des tests effectués pendant quelques heures, aucune des IPs geolocalisées en Belgique, France, Luxembourd et aux Pays-Bas ne semble bloquée, ou mal référencée.

Move VM in yavijava/vijava

This is an example how to move a Virtual Machine in yavijava:

package be.visualstation.vmware.test;

import com.vmware.vim25.PlatformConfigFault;
import com.vmware.vim25.VirtualMachineRelocateSpec;
import com.vmware.vim25.mo.*;

import java.net.MalformedURLException;
import java.net.URL;
import java.rmi.RemoteException;
import java.util.Arrays;
import java.util.logging.Level;
import java.util.logging.Logger;

public class MoveVM {
    private ServiceInstance serviceInstance;
    private static Logger logger = Logger.getLogger("Example");
    public LoginConfiguration loginConfiguration;

    public static void main(String[] args) throws VMWareException {
        MoveVM mvm = new MoveVM();
        mvm.loginConfiguration = new LoginConfiguration("Username","Password","https://vCenter/sdk");
        mvm.moveVmToHostSystem("vmName","destinationHost (memeber of the cluster/or host)");
    }

    private ServiceInstance getServerInstance() throws MalformedURLException, RemoteException {
        if (serviceInstance == null) {
            logger.info("Server instance is NULL ... creating a new connection");
            URL url = new URL(loginConfiguration.getVmwareUrl());
            serviceInstance = new ServiceInstance(url, loginConfiguration.getUserName(), loginConfiguration.getPassword(), true);
        }
        return serviceInstance;
    }

    public Boolean moveVmToHostSystem(final String vmName, final String hostName) throws VMWareException {
        ServiceInstance si = null;
        boolean retVal;

        try {
            si = this.getServerInstance();
            Folder rootFolder = si.getRootFolder();
            VirtualMachine vm = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName);
            HostSystem hostSystem = null;
            ManagedEntity[] hostSystems = new InventoryNavigator(si.getRootFolder()).searchManagedEntities("HostSystem");
            for (ManagedEntity hostSystem1 : hostSystems) {
                HostSystem host = (HostSystem) hostSystem1;
                if (host.getName().equalsIgnoreCase(hostName)) {
                    logger.log(Level.FINE, "Found HostSystem: " + hostName);
                    hostSystem = host;
                } else {
                    logger.log(Level.FINE, "HostSystem: " + hostName + " not found! Using default HostSystem.");
                }
            }
            VirtualMachineRelocateSpec relSpec = new VirtualMachineRelocateSpec();
            relSpec.setHost(hostSystem.getMOR());
            Datastore ds = hostSystem.getDatastores()[0];//.getInfo().freeSpace;
            Datastore[] datastores = hostSystem.getDatastores();
            Datastore dataStore = Arrays.stream(datastores).filter(myds -> myds.getName().equals("")).findFirst().orElse(null);
            if(dataStore != null){

            } else {
                // Datastore not found
            }
            ComputeResource cr = (ComputeResource) hostSystem.getParent();
            ResourcePool resourcePool = cr.getResourcePool();
            relSpec.setDatastore(ds.getMOR());
            System.out.printf(resourcePool.getName());
            ResourcePool[] resourcePools = resourcePool.getResourcePools();
            Arrays.stream(resourcePools).forEach(rp -> System.out.println(rp.getName()));
            resourcePool = Arrays.stream(resourcePools).filter(rp -> rp.getName().equals("NamedResourcePool")).findFirst().orElse(resourcePool);
            relSpec.setPool(resourcePool.getMOR());
            Task task = vm.relocateVM_Task(relSpec);
            String result = task.waitForTask();
            retVal = result.equals(Task.SUCCESS);
            return retVal;
        } catch (PlatformConfigFault f) {
            throw new VMWareException(f);
        } catch (RemoteException exc) {
            throw new VMWareException(exc);
        } catch (Exception exc) {
            throw new VMWareException(exc);
        }
    }

    public String getHostSystemForVM(final String vmName) throws VMWareException {
        ServiceInstance si = null;
        try {
            si = this.getServerInstance();
            boolean found = false;
            HostSystem hostSystem = null;
            ManagedEntity[] hostsystems = new InventoryNavigator(si.getRootFolder()).searchManagedEntities("HostSystem");
            for (ManagedEntity hostsystem : hostsystems) {
                HostSystem host = (HostSystem) hostsystem;
                VirtualMachine[] vms = host.getVms();
                for (VirtualMachine vm : vms) {
                    if (vm.getName().equals(vmName)) {
                        hostSystem = host;
                        found = true;
                        break;
                    }
                }
                if (found)
                    break;
            }
            return hostSystem.getName();
        } catch (PlatformConfigFault f) {
            throw new VMWareException(f);
        } catch (RemoteException exc) {
            throw new VMWareException(exc);
        } catch (Exception exc) {
            throw new VMWareException(exc);
        }
    }
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

package be.visualstation.vmware.test;

import com.vmware.vim25.PlatformConfigFault;

import com.vmware.vim25.VirtualMachineRelocateSpec;

import com.vmware.vim25.mo.*;

import java.net.MalformedURLException;

import java.net.URL;

import java.rmi.RemoteException;

import java.util.Arrays;

import java.util.logging.Level;

import java.util.logging.Logger;

public class MoveVM {

private ServiceInstance serviceInstance;

private static Logger logger = Logger.getLogger("Example");

public LoginConfiguration loginConfiguration;

public static void main(String[] args) throws VMWareException {

MoveVM mvm = new MoveVM();

mvm.loginConfiguration = new LoginConfiguration("Username","Password","https://vCenter/sdk");

mvm.moveVmToHostSystem("vmName","destinationHost (memeber of the cluster/or host)");

}

private ServiceInstance getServerInstance() throws MalformedURLException, RemoteException {

if (serviceInstance == null) {

logger.info("Server instance is NULL ... creating a new connection");

URL url = new URL(loginConfiguration.getVmwareUrl());

serviceInstance = new ServiceInstance(url, loginConfiguration.getUserName(), loginConfiguration.getPassword(), true);

}

return serviceInstance;

}

public Boolean moveVmToHostSystem(final String vmName, final String hostName) throws VMWareException {

ServiceInstance si = null;

boolean retVal;

try {

si = this.getServerInstance();

Folder rootFolder = si.getRootFolder();

VirtualMachine vm = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName);

HostSystem hostSystem = null;

ManagedEntity[] hostSystems = new InventoryNavigator(si.getRootFolder()).searchManagedEntities("HostSystem");

for (ManagedEntity hostSystem1 : hostSystems) {

HostSystem host = (HostSystem) hostSystem1;

if (host.getName().equalsIgnoreCase(hostName)) {

logger.log(Level.FINE, "Found HostSystem: " + hostName);

hostSystem = host;

} else {

logger.log(Level.FINE, "HostSystem: " + hostName + " not found! Using default HostSystem.");

}

VirtualMachineRelocateSpec relSpec = new VirtualMachineRelocateSpec();

relSpec.setHost(hostSystem.getMOR());

Datastore ds = hostSystem.getDatastores()[0];//.getInfo().freeSpace;

Datastore[] datastores = hostSystem.getDatastores();

Datastore dataStore = Arrays.stream(datastores).filter(myds -> myds.getName().equals("")).findFirst().orElse(null);

if(dataStore != null){

} else {

// Datastore not found

}

ComputeResource cr = (ComputeResource) hostSystem.getParent();

ResourcePool resourcePool = cr.getResourcePool();

relSpec.setDatastore(ds.getMOR());

System.out.printf(resourcePool.getName());

ResourcePool[] resourcePools = resourcePool.getResourcePools();

Arrays.stream(resourcePools).forEach(rp -> System.out.println(rp.getName()));

resourcePool = Arrays.stream(resourcePools).filter(rp -> rp.getName().equals("NamedResourcePool")).findFirst().orElse(resourcePool);

relSpec.setPool(resourcePool.getMOR());

Task task = vm.relocateVM_Task(relSpec);

String result = task.waitForTask();

retVal = result.equals(Task.SUCCESS);

return retVal;

} catch (PlatformConfigFault f) {

throw new VMWareException(f);

} catch (RemoteException exc) {

throw new VMWareException(exc);

} catch (Exception exc) {

throw new VMWareException(exc);

}

public String getHostSystemForVM(final String vmName) throws VMWareException {

ServiceInstance si = null;

try {

si = this.getServerInstance();

boolean found = false;

HostSystem hostSystem = null;

ManagedEntity[] hostsystems = new InventoryNavigator(si.getRootFolder()).searchManagedEntities("HostSystem");

for (ManagedEntity hostsystem : hostsystems) {

HostSystem host = (HostSystem) hostsystem;

VirtualMachine[] vms = host.getVms();

for (VirtualMachine vm : vms) {

if (vm.getName().equals(vmName)) {

hostSystem = host;

found = true;

break;

}

if (found)

break;

}

return hostSystem.getName();

} catch (PlatformConfigFault f) {

throw new VMWareException(f);

} catch (RemoteException exc) {

throw new VMWareException(exc);

} catch (Exception exc) {

throw new VMWareException(exc);

}

package be.visualstation.vmware.test;

public class LoginConfiguration {
    private String username;
    private String password;
    private String vmwareUrl;

    public LoginConfiguration(final String username, final String password, final String vmwareUrl) {
        this.username = username;
        this.password = password;
        this.vmwareUrl = vmwareUrl;
    }

    public String getUserName() {
        return username;
    }

    public String getPassword() {
        return password;
    }

    public String getOriginalPassword() {
        return password;
    }

    public String getVmwareUrl() {
        return vmwareUrl;
    }
}

package be.visualstation.vmware.test;

public class LoginConfiguration {

private String username;

private String password;

private String vmwareUrl;

public LoginConfiguration(final String username, final String password, final String vmwareUrl) {

this.username = username;

this.password = password;

this.vmwareUrl = vmwareUrl;

}

public String getUserName() {

return username;

}

public String getPassword() {

return password;

}

public String getOriginalPassword() {

return password;

}

public String getVmwareUrl() {

return vmwareUrl;

}

package be.visualstation.vmware.test;

public class VMWareException extends Exception {


    /**
     *
     */
    private static final long serialVersionUID = 8779050125374959365L;

    /**
     *
     * @param exc
     */
    public VMWareException(Exception exc) {
        super(exc);
    }

    public VMWareException(String cause) {
        super(cause);
    }

    /**
     *
     * @param cause
     * @param exc
     */
    public VMWareException(String cause, VMWareException exc) {
        super(cause, exc);
    }

    public VMWareException(String cause, Exception exc) {
        super(cause, exc);
    }
}

package be.visualstation.vmware.test;

public class VMWareException extends Exception {

/**

private static final long serialVersionUID = 8779050125374959365L;

/**

* @param exc

public VMWareException(Exception exc) {

super(exc);

}

public VMWareException(String cause) {

super(cause);

}

/**

* @param cause

* @param exc

public VMWareException(String cause, VMWareException exc) {

super(cause, exc);

}

public VMWareException(String cause, Exception exc) {

super(cause, exc);

}

Upload file via VMware VM Agent – Java

package be.visualstation.vmagent.cli;

import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;

public class FileUpload implements Runnable {
    final static Logger logger = org.slf4j.LoggerFactory.getLogger(FileUpload.class);

    File source = null;
    String destination = null;
    URI uri = null;

    public FileUpload(File source, URI uri){
        this.source = source;
        this.destination = destination;
        this.uri = uri;
    }

    public static HttpClient createHttpClient_AcceptsUntrustedCerts() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        HttpClientBuilder b = HttpClientBuilder.create();
        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
            public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                return true;
            }
        }).build();
        b.setSslcontext( sslContext);
        HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslSocketFactory)
                .build();
        PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager( socketFactoryRegistry);
        b.setConnectionManager( connMgr);

        HttpClient client = b.build();
        return client;
    }

    @Override
    public void run() {
        HttpClient httpClient = null;
        try {
            Instant i1 = Instant.now();
            logger.info("File transfer started @ " + i1.toString() + " for " + this.source.getName() + " (Size: " + Long.toString(this.source.length()) + " bytes).");
            httpClient = createHttpClient_AcceptsUntrustedCerts();
            HttpPut httpPut = new HttpPut(this.uri);
            InputStreamEntity reqEntity = new InputStreamEntity(new FileInputStream(this.source), this.source.length(), ContentType.DEFAULT_BINARY);
            // VMware ESX Server does not support chunked data.
            reqEntity.setChunked(false);

            httpPut.setEntity(reqEntity);
            HttpResponse httpResponse = httpClient.execute(httpPut);
            logger.info(httpResponse.getEntity().toString());

            Instant i2 = Instant.now();
            long ns = java.time.Duration.between(i1,i2).toNanos();
            logger.info(String.format("File Transfer Duration: %s ns.",Long.toString(ns)));
            double seconds = ns / 1000000000;
            double rate = this.source.length() / seconds;
            logger.info("Average Transfer Rate: " + Double.toString(rate) + "B/s.");
        } catch (KeyStoreException e) {
            logger.error(e.toString());
        } catch (NoSuchAlgorithmException e) {
            logger.error(e.toString());
        } catch (KeyManagementException e) {
            logger.error(e.toString());
        } catch (ClientProtocolException e) {
            logger.error(e.toString());
        } catch (IOException e) {
            logger.error(e.toString());
        }
    }
}

100

101

package be.visualstation.vmagent.cli;

import org.apache.http.HttpResponse;

import org.apache.http.client.ClientProtocolException;

import org.apache.http.client.HttpClient;

import org.apache.http.client.methods.HttpPut;

import org.apache.http.config.Registry;

import org.apache.http.config.RegistryBuilder;

import org.apache.http.conn.socket.ConnectionSocketFactory;

import org.apache.http.conn.socket.PlainConnectionSocketFactory;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

import org.apache.http.entity.ContentType;

import org.apache.http.entity.InputStreamEntity;

import org.apache.http.impl.client.HttpClientBuilder;

import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

import org.apache.http.ssl.SSLContextBuilder;

import org.apache.http.ssl.TrustStrategy;

import org.slf4j.Logger;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.SSLContext;

import java.io.File;

import java.io.FileInputStream;

import java.io.IOException;

import java.net.URI;

import java.security.KeyManagementException;

import java.security.KeyStoreException;

import java.security.NoSuchAlgorithmException;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import java.time.Instant;

public class FileUpload implements Runnable {

final static Logger logger = org.slf4j.LoggerFactory.getLogger(FileUpload.class);

File source = null;

String destination = null;

URI uri = null;

public FileUpload(File source, URI uri){

this.source = source;

this.destination = destination;

this.uri = uri;

}

public static HttpClient createHttpClient_AcceptsUntrustedCerts() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {

HttpClientBuilder b = HttpClientBuilder.create();

SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {

public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {

return true;

}

}).build();

b.setSslcontext( sslContext);

HostnameVerifier hostnameVerifier = SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);

Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()

.register("http", PlainConnectionSocketFactory.getSocketFactory())

.register("https", sslSocketFactory)

.build();

PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager( socketFactoryRegistry);

b.setConnectionManager( connMgr);

HttpClient client = b.build();

return client;

}

@Override

public void run() {

HttpClient httpClient = null;

try {

Instant i1 = Instant.now();

logger.info("File transfer started @ " + i1.toString() + " for " + this.source.getName() + " (Size: " + Long.toString(this.source.length()) + " bytes).");

httpClient = createHttpClient_AcceptsUntrustedCerts();

HttpPut httpPut = new HttpPut(this.uri);

InputStreamEntity reqEntity = new InputStreamEntity(new FileInputStream(this.source), this.source.length(), ContentType.DEFAULT_BINARY);

// VMware ESX Server does not support chunked data.

reqEntity.setChunked(false);

httpPut.setEntity(reqEntity);

HttpResponse httpResponse = httpClient.execute(httpPut);

logger.info(httpResponse.getEntity().toString());

Instant i2 = Instant.now();

long ns = java.time.Duration.between(i1,i2).toNanos();

logger.info(String.format("File Transfer Duration: %s ns.",Long.toString(ns)));

double seconds = ns / 1000000000;

double rate = this.source.length() / seconds;

logger.info("Average Transfer Rate: " + Double.toString(rate) + "B/s.");

} catch (KeyStoreException e) {

logger.error(e.toString());

} catch (NoSuchAlgorithmException e) {

logger.error(e.toString());

} catch (KeyManagementException e) {

logger.error(e.toString());

} catch (ClientProtocolException e) {

logger.error(e.toString());

} catch (IOException e) {

logger.error(e.toString());

}

package be.visualstation.vmagent.cli;

import be.visualstation.vmagent.config.ConfigUtil;
import com.vmware.vim25.GuestFileAttributes;
import com.vmware.vim25.NamePasswordAuthentication;
import com.vmware.vim25.mo.*;
import org.slf4j.Logger;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.rmi.RemoteException;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class FileUploadMT {
    final static Logger logger = org.slf4j.LoggerFactory.getLogger(FileUploadMT.class);

    public static void main(String[] args) {
        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                    public void checkClientTrusted(
                            X509Certificate[] certs, String authType) {
                    }
                    public void checkServerTrusted(
                            X509Certificate[] certs, String authType) {
                    }
                }
        };

        try {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (Exception e) {
        }

        try {
            ServiceInstance si = ConfigUtil.createServiceInstance();
            if(si != null){
                String vmName = "vm-1";
                Folder rootFolder = si.getRootFolder();
                GuestOperationsManager gom = si.getGuestOperationsManager();
                VirtualMachine vm = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName);
                Path path = Paths.get("C:\\Test.file");
                FileUpload fu1, fu2;
                ExecutorService executor = Executors.newFixedThreadPool(5);
                if(vm != null){
                    GuestFileManager gfm = gom.getFileManager(vm);
                    NamePasswordAuthentication creds = new NamePasswordAuthentication();
                    creds.setUsername("root");
                    creds.setPassword("password");
                    String s = gfm.initiateFileTransferToGuest(creds, "/root/" + path.getFileName().toString(), new GuestFileAttributes(),path.toFile().length(), true);
                    fu1 = new FileUpload(path.toFile(), new URI(s));
                    executor.submit(fu1);
                }

                String vmName2 = "vm2";
                VirtualMachine vm2 = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName2);
                if(vm2 != null){
                    GuestFileManager gfm = gom.getFileManager(vm2);
                    NamePasswordAuthentication creds = new NamePasswordAuthentication();
                    creds.setUsername("Administrator");
                    creds.setPassword("password");
                    String s = gfm.initiateFileTransferToGuest(creds, "C:\\" + path.getFileName().toString(), new GuestFileAttributes(),path.toFile().length(), true);
                    fu2 = new FileUpload(path.toFile(), new URI(s));
                    executor.submit(fu2);
                }
            }
        } catch (RemoteException e) {
            e.printStackTrace();
        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (URISyntaxException e) {
            e.printStackTrace();
        }
    }
}

package be.visualstation.vmagent.cli;

import be.visualstation.vmagent.config.ConfigUtil;

import com.vmware.vim25.GuestFileAttributes;

import com.vmware.vim25.NamePasswordAuthentication;

import com.vmware.vim25.mo.*;

import org.slf4j.Logger;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

import java.net.MalformedURLException;

import java.net.URI;

import java.net.URISyntaxException;

import java.nio.file.Path;

import java.nio.file.Paths;

import java.rmi.RemoteException;

import java.security.cert.X509Certificate;

import java.util.concurrent.ExecutorService;

import java.util.concurrent.Executors;

public class FileUploadMT {

final static Logger logger = org.slf4j.LoggerFactory.getLogger(FileUploadMT.class);

public static void main(String[] args) {

TrustManager[] trustAllCerts = new TrustManager[]{

new X509TrustManager() {

public X509Certificate[] getAcceptedIssuers() {

return null;

}

public void checkClientTrusted(

X509Certificate[] certs, String authType) {

}

public void checkServerTrusted(

X509Certificate[] certs, String authType) {

}

};

try {

SSLContext sc = SSLContext.getInstance("SSL");

sc.init(null, trustAllCerts, new java.security.SecureRandom());

HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

} catch (Exception e) {

}

try {

ServiceInstance si = ConfigUtil.createServiceInstance();

if(si != null){

String vmName = "vm-1";

Folder rootFolder = si.getRootFolder();

GuestOperationsManager gom = si.getGuestOperationsManager();

VirtualMachine vm = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName);

Path path = Paths.get("C:\\Test.file");

FileUpload fu1, fu2;

ExecutorService executor = Executors.newFixedThreadPool(5);

if(vm != null){

GuestFileManager gfm = gom.getFileManager(vm);

NamePasswordAuthentication creds = new NamePasswordAuthentication();

creds.setUsername("root");

creds.setPassword("password");

String s = gfm.initiateFileTransferToGuest(creds, "/root/" + path.getFileName().toString(), new GuestFileAttributes(),path.toFile().length(), true);

fu1 = new FileUpload(path.toFile(), new URI(s));

executor.submit(fu1);

}

String vmName2 = "vm2";

VirtualMachine vm2 = (VirtualMachine) new InventoryNavigator(rootFolder).searchManagedEntity("VirtualMachine", vmName2);

if(vm2 != null){

GuestFileManager gfm = gom.getFileManager(vm2);

NamePasswordAuthentication creds = new NamePasswordAuthentication();

creds.setUsername("Administrator");

creds.setPassword("password");

String s = gfm.initiateFileTransferToGuest(creds, "C:\\" + path.getFileName().toString(), new GuestFileAttributes(),path.toFile().length(), true);

fu2 = new FileUpload(path.toFile(), new URI(s));

executor.submit(fu2);

}

} catch (RemoteException e) {

e.printStackTrace();

} catch (MalformedURLException e) {

e.printStackTrace();

} catch (URISyntaxException e) {

e.printStackTrace();

}

Upgrade UCS Performance Manager from 2.0.0 to 2.0.2

UCS Performance Manager is another “wonderful” product of Cisco for monitoring your physical and virtual infrastructure.

Requirements:

8 vCPUs
40 GB of memory

The upgrade should be easy, but it’s not. My upgrade process was stuck due to the process zenmail blocked in running mode. Then to be able to upgrade I had to open 2 shell sessions:

1 with the upgrade process
1 with the root shell

During the process, I have got a quick look at /mnt/cdrom/update-zenoss.sh

#!/bin/bash

# Path to all the resources on the CD.
ISOMOUNT="/mnt/cdrom"

MANIFEST_FILE=$ISOMOUNT/build/manifest.json
ZENOSS_TYPE=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['type']")

LOGFILE="/tmp/upgrade-$ZENOSS_TYPE-$(date +'%Y-%m%d-%H%M%S').log"
> $LOGFILE
exec > >(tee -a $LOGFILE)
exec 2> >(tee -a $LOGFILE >&2)

## PREREQUISITES AND CONTEXT
function red () {
    tput setaf 1
    echo $@
    tput sgr0
}

function green () {
    tput setaf 2
    echo $@
    tput sgr0
}

function failure_prompt () {
    red $@ >&2
    red Upgrade log stored at $LOGFILE.
    read -n1 -r -p "Upgrade failed. Press any key to return."
    exit 1

}

green Upgrade log stored at $LOGFILE.

THINPOOL_DEVICE=$(source /etc/default/serviced; echo $SERVICED_DM_THINPOOLDEV)
if [ "$THINPOOL_DEVICE" = "" ]; then
    red "Serviced appears to be using a loopback thinpool device."
    red "It is highly recommended that you migrate to an LVM device for improved performance."
    echo
    read -n1 -r -p "Press Escape to abort now, or any other key to continue." II
    echo
    if [ "$II" = $'\e' ]; then
        exit 1
    fi
fi


# Setup variables from manifest file.
 DOCKER_IMAGES=$(python -c "import json; print ' '.join(json.load(open('$MANIFEST_FILE'))['images'].values())")
   RPM_IMPORT4=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['import4']" 2>/dev/null)
  RPM_SERVICED=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['serviced']")
    RPM_SVCDEF=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['svcdef']")
  ZENOSS_IMAGE=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['images']['zenoss'][len('install-zenoss-'):-len('.run')]")
  ZENOSS_SHORT=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['images']['zenoss'][len('install-zenoss-'):].split(':')[0]")
ZENOSS_VERSION=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['zenoss-version']")
IS_MASTER=$(source /etc/default/serviced; echo $SERVICED_MASTER)
if [ "$IS_MASTER" = "" ]; then
    IS_MASTER="1"
fi


# Update admin menu.
\cp -r -f $ISOMOUNT/common/appliance/standard/* /root/appliance
\cp -r -f $ISOMOUNT/common/appliance/$ZENOSS_TYPE/* /root/appliance

## UTILITY FUNCTIONS
function stop_all_services () {
    serviced service stop $ZENOSS_TYPE 2>/dev/null
    RETRIES=60
    STATUS=""
    until [ "$STATUS" = "Stopped" ] || [ "$RETRIES" -le 0 ]; do
        STATUS=$(serviced service status --show-fields 'Status' 2>/dev/null | grep -v "Stopped" | grep -v "Status" | grep -v ^[[:space:]]*$)
        if [ -z "$STATUS" ]; then
            STATUS="Stopped"
        fi
        sleep 5
        ((RETRIES--))
    done
    if [ "$RETRIES" -le 0 ]; then
        failure_prompt "Failed to stop all $ZENOSS_TYPE services."
    fi
}

function restart_serviced () {
    green "Restarting $ZENOSS_TYPE..."
    systemctl unmask serviced --quiet
    systemctl enable serviced --quiet
    systemctl restart serviced --quiet
    STATUS=""
    RETRIES=60
    until (serviced healthcheck &> /dev/null) || [ "$RETRIES" -le 0 ]; do
        sleep 5
        ((RETRIES--))
    done
    if [ "$RETRIES" -le 0 ]; then
        failure_prompt "Failed to restart serviced."
    fi
    green "Restarted $ZENOSS_TYPE."

}

function create_thinpool_check() {
    if [ ! -f "$1" ]; then
        cat <<EOF > $1
#!/bin/bash

function check_for_thinpools () {
  if [ ! -e /dev/mapper/docker-docker--pool ]; then
    exit 1
  fi

  if [ ! -e /dev/mapper/serviced-serviced--pool ]; then
    exit 1
  fi
}

while ( ! check_for_thinpools ); do
    sleep 5
done
EOF
        chmod +x $1
    fi
}


## UPGRADE PROCEDURE
green "Stopping $ZENOSS_TYPE services..."
stop_all_services
green "$ZENOSS_TYPE services stopped."

green "Stopping serviced..."
systemctl stop serviced --quiet
STATUS=""
RETRIES=60
until [ "$STATUS" = "inactive" ] || [ "$STATUS" = "failed" ] || [ "$RETRIES" -le 0 ]; do
    STATUS=$(systemctl show serviced 2>/dev/null | awk -F= '/ActiveState/ { print $2 }')
    sleep 5
    ((RETRIES--))
done
if [ "$RETRIES" -le 0 ]; then
    failure_prompt "Failed to stop serviced."
fi
systemctl mask serviced --quiet
green "Serviced stopped."


green "Updating system packages..."
cat <<EOF > /etc/yum.repos.d/centos-update-mirror.repo
[centos-update-mirror]
name=Centos update mirror
baseurl=file://$ISOMOUNT/centos-repo
enabled=0
gpgcheck=0
EOF
yum update -y --disablerepo=\* --enablerepo=centos-update-mirror
rm -f /etc/yum.repos.d/centos-update-mirror.repo
green "System packages updated."


cd $ISOMOUNT/build


# Replace old yum-mirror, if any, with new one.
RHEL_VERSION=$(awk '{print $4}' /etc/redhat-release)
YUM_MIRROR=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['yum-mirror-centos$RHEL_VERSION']")
OLD_MIRROR=$(yum list --disablerepo=\* | awk '/^yum-mirror-centos/ { print $1}')
if [ ! -z "$OLD_MIRROR" ]; then
    yum remove -y $OLD_MIRROR &> /dev/null
fi
yum remove -y yum-mirror-ucspm-unstable
yum install -y $YUM_MIRROR 2>/dev/null
yum clean all


# Modify the serviced configs before it's upgraded and restarted.
if ! grep -xq 'SERVICED_DOCKER_REGISTRY=.*' /etc/default/serviced; then
    echo 'SERVICED_DOCKER_REGISTRY=localhost:5000' >> /etc/default/serviced
fi

if [ "$THINPOOL_DEVICE" = "" ]; then
    echo 'SERVICED_ALLOW_LOOP_BACK=true' >> /etc/default/serviced
fi


green "Importing $ZENOSS_TYPE Docker images..."
systemctl restart docker --quiet
for IMAGE in $DOCKER_IMAGES; do
    ./$IMAGE -y &> /dev/null
    IMAGE_NV=${IMAGE%%.run}
    IMAGE_NV=${IMAGE_NV##install-}
    IFS=":" read -ra IMAGE_INFO <<< "$IMAGE_NV"
    IMAGE_NAME=$(echo ${IMAGE_INFO[0]} | tr '-' '.')
    IMAGE_VERSION=${IMAGE_INFO[1]}
    IMAGE_INSTALLED=$(docker images | grep $IMAGE_NAME | grep $IMAGE_VERSION)
    if [ -z "$IMAGE_INSTALLED" ]; then
        failure_prompt "Error importing $IMAGE."
    fi
done
green "Imported $ZENOSS_TYPE Docker images."


# Updating serviced will also upgrade Docker.
green "Upgrading serviced and dependencies..."
yum install -y --disablerepo=\* --enablerepo=zenoss-mirror ${RPM_SERVICED%%.rpm}
if [ $? -ne 0 ]; then
    failure_prompt "Failed to upgrade serviced binary."
fi
green "Upgraded serviced and dependencies."


DOCKER_CONF="/etc/systemd/system/docker.service.d/docker.conf"
if [ -f "$DOCKER_CONF" ]; then
    # Switch Docker DNS to support Docker 1.9 upgrade.
    DOCKER_DNS=$(ip addr show docker0 | grep inet | grep -v inet6 | awk '{print $2}' | awk -F / '{print $1}')
    DOCKER_BIP=$DOCKER_DNS/24
    sed -i -e "s;--dns=.*;--dns=$DOCKER_DNS --bip=$DOCKER_BIP;" "$DOCKER_CONF"

    # Set Docker startup timeout
    TimeoutSec=$(source $DOCKER_CONF &>/dev/null; echo $TimeoutSec)
    if [ -z "$TimeoutSec" ]; then
        echo "TimeoutSec=300" >> "$DOCKER_CONF"
    elif [ "$TimeoutSec" -lt 300 ]; then
        sed -i -e "s/TimeoutSec=.*/TimeoutSec=300/" "$DOCKER_CONF"
    fi

    # Add devicemapper wait if not using thinpools
    if [ "$THINPOOL_DEVICE" != "" ]; then
        # Create thinpool check script
        THINPOOL_SCRIPT=/root/appliance/docker-thinpool-check.sh
        create_thinpool_check $THINPOOL_SCRIPT
        THINPOOL_PRE=$(grep $THINPOOL_SCRIPT $DOCKER_CONF)
        if [ -z "$THINPOOL_PRE" ]; then
            echo "ExecStartPre=$THINPOOL_SCRIPT" >> "$DOCKER_CONF"
        fi
        systemctl daemon-reload
    fi
fi


if [ "$IS_MASTER" = "1" ]; then
    # Serviced must be running for 'serviced docker sync' to succeed.
    restart_serviced
    serviced docker sync

    green "Installing new service definition..."
    yum install -y --disablerepo=\* --enablerepo=zenoss-mirror $RPM_IMPORT4 $RPM_SVCDEF 2> /dev/null
    green "New service definition installed."

    stop_all_services

    # If this is the master, we cannot proceed with the upgrade until the agents have been upgraded first.
    if [ "$IS_MASTER" = "1" ]; then
      OLD_AGENTS=""
      MY_INFO=$(serviced host list --show-fields=Addr,Release | grep $(ifconfig | awk '/inet / { print "-e" $2 }'))
      if [ -z "$MY_INFO" ]; then
        red "Could not determine this host's address and release. Cannot determine if all agents are updated."
        echo
        read -n1 -r -p "Press Enter to continue."
      else
        MY_IP=$(awk '{print $1}' <<< "$MY_INFO")
        MY_RELEASE=$(awk '{print $2}' <<< "$MY_INFO")
        AGENT_RELEASES=$(serviced host list --show-fields=Addr,Release | grep -v Addr | grep -v -F "$MY_IP")
        OLD_AGENTS=$(grep -v -F $MY_RELEASE <<< "$AGENT_RELEASES")
      fi

      if [ ! -z "$OLD_AGENTS" ]; then
          red "This host appears to be the master host."
          red "One or more agents do not appear to have been upgraded yet."
          serviced host list --show-fields=Name,Addr,Release | grep -v -F $MY_IP
          echo
          failure_prompt "Please upgrade agent hosts first before upgrading this host."
      fi
    fi

    # Pull the zenoss image, rsync to /root/5.Z.x
    green "Updating" $ZENOSS_TYPE "..."
    ZENOSS_5DOT=${ZENOSS_VERSION%?}x
    docker run -it --rm -v /root:/mnt/root zenoss/${ZENOSS_IMAGE} rsync -a /root/${ZENOSS_5DOT} /mnt/root
    sed -i -e "s/^SVC_USE zenoss\/${ZENOSS_SHORT}:5.* /SVC_USE zenoss\/${ZENOSS_IMAGE} /g" /root/${ZENOSS_5DOT}/upgrade-${ZENOSS_TYPE}.txt
    /root/${ZENOSS_5DOT}/upgrade-${ZENOSS_TYPE}-${ZENOSS_5DOT}.sh
    if [ $? -ne 0 ]; then
        red "Error upgrading $ZENOSS_TYPE." >&2
        failure_prompt "You may need to remove one or more preupgrade snapshots before retrying this upgrade."
    fi
    green "Updated $ZENOSS_TYPE."
    stop_all_services
fi

systemctl stop serviced --quiet

green "$ZENOSS_TYPE upgraded successfully."
read -n1 -r -p "Press any key to reboot..."
systemctl unmask serviced
systemctl enable serviced
green Upgrade log stored at $LOGFILE.
reboot

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

#!/bin/bash

# Path to all the resources on the CD.

ISOMOUNT="/mnt/cdrom"

MANIFEST_FILE=$ISOMOUNT/build/manifest.json

ZENOSS_TYPE=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['type']")

LOGFILE="/tmp/upgrade-$ZENOSS_TYPE-$(date +'%Y-%m%d-%H%M%S').log"

> $LOGFILE

exec > >(tee -a $LOGFILE)

exec 2> >(tee -a $LOGFILE >&2)

## PREREQUISITES AND CONTEXT

function red () {

tput setaf 1

echo $@

tput sgr0

}

function green () {

tput setaf 2

echo $@

tput sgr0

}

function failure_prompt () {

red $@ >&2

red Upgrade log stored at $LOGFILE.

read -n1 -r -p "Upgrade failed. Press any key to return."

exit 1

}

green Upgrade log stored at $LOGFILE.

THINPOOL_DEVICE=$(source /etc/default/serviced; echo $SERVICED_DM_THINPOOLDEV)

if [ "$THINPOOL_DEVICE" = "" ]; then

red "Serviced appears to be using a loopback thinpool device."

red "It is highly recommended that you migrate to an LVM device for improved performance."

echo

read -n1 -r -p "Press Escape to abort now, or any other key to continue." II

echo

if [ "$II" = $'\e' ]; then

exit 1

# Setup variables from manifest file.

DOCKER_IMAGES=$(python -c "import json; print ' '.join(json.load(open('$MANIFEST_FILE'))['images'].values())")

RPM_IMPORT4=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['import4']" 2>/dev/null)

RPM_SERVICED=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['serviced']")

RPM_SVCDEF=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['rpms']['svcdef']")

ZENOSS_IMAGE=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['images']['zenoss'][len('install-zenoss-'):-len('.run')]")

ZENOSS_SHORT=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['images']['zenoss'][len('install-zenoss-'):].split(':')[0]")

ZENOSS_VERSION=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['zenoss-version']")

IS_MASTER=$(source /etc/default/serviced; echo $SERVICED_MASTER)

if [ "$IS_MASTER" = "" ]; then

IS_MASTER="1"

# Update admin menu.

\cp -r -f $ISOMOUNT/common/appliance/standard/* /root/appliance

\cp -r -f $ISOMOUNT/common/appliance/$ZENOSS_TYPE/* /root/appliance

## UTILITY FUNCTIONS

function stop_all_services () {

serviced service stop $ZENOSS_TYPE 2>/dev/null

RETRIES=60

STATUS=""

until [ "$STATUS" = "Stopped" ] || [ "$RETRIES" -le 0 ]; do

STATUS=$(serviced service status --show-fields 'Status' 2>/dev/null | grep -v "Stopped" | grep -v "Status" | grep -v ^[[:space:]]*$)

if [ -z "$STATUS" ]; then

STATUS="Stopped"

sleep 5

((RETRIES--))

done

if [ "$RETRIES" -le 0 ]; then

failure_prompt "Failed to stop all $ZENOSS_TYPE services."

}

function restart_serviced () {

green "Restarting $ZENOSS_TYPE..."

systemctl unmask serviced --quiet

systemctl enable serviced --quiet

systemctl restart serviced --quiet

STATUS=""

RETRIES=60

until (serviced healthcheck &> /dev/null) || [ "$RETRIES" -le 0 ]; do

sleep 5

((RETRIES--))

done

if [ "$RETRIES" -le 0 ]; then

failure_prompt "Failed to restart serviced."

green "Restarted $ZENOSS_TYPE."

}

function create_thinpool_check() {

if [ ! -f "$1" ]; then

cat <<EOF > $1

#!/bin/bash

function check_for_thinpools () {

if [ ! -e /dev/mapper/docker-docker--pool ]; then

exit 1

if [ ! -e /dev/mapper/serviced-serviced--pool ]; then

exit 1

}

while ( ! check_for_thinpools ); do

sleep 5

done

EOF

chmod +x $1

}

## UPGRADE PROCEDURE

green "Stopping $ZENOSS_TYPE services..."

stop_all_services

green "$ZENOSS_TYPE services stopped."

green "Stopping serviced..."

systemctl stop serviced --quiet

STATUS=""

RETRIES=60

until [ "$STATUS" = "inactive" ] || [ "$STATUS" = "failed" ] || [ "$RETRIES" -le 0 ]; do

STATUS=$(systemctl show serviced 2>/dev/null | awk -F= '/ActiveState/ { print $2 }')

sleep 5

((RETRIES--))

done

if [ "$RETRIES" -le 0 ]; then

failure_prompt "Failed to stop serviced."

systemctl mask serviced --quiet

green "Serviced stopped."

green "Updating system packages..."

cat <<EOF > /etc/yum.repos.d/centos-update-mirror.repo

[centos-update-mirror]

name=Centos update mirror

baseurl=file://$ISOMOUNT/centos-repo

enabled=0

gpgcheck=0

EOF

yum update -y --disablerepo=\* --enablerepo=centos-update-mirror

rm -f /etc/yum.repos.d/centos-update-mirror.repo

green "System packages updated."

cd $ISOMOUNT/build

# Replace old yum-mirror, if any, with new one.

RHEL_VERSION=$(awk '{print $4}' /etc/redhat-release)

YUM_MIRROR=$(python -c "import json; print json.load(open('$MANIFEST_FILE'))['yum-mirror-centos$RHEL_VERSION']")

OLD_MIRROR=$(yum list --disablerepo=\* | awk '/^yum-mirror-centos/ { print $1}')

if [ ! -z "$OLD_MIRROR" ]; then

yum remove -y $OLD_MIRROR &> /dev/null

yum remove -y yum-mirror-ucspm-unstable

yum install -y $YUM_MIRROR 2>/dev/null

yum clean all

# Modify the serviced configs before it's upgraded and restarted.

if ! grep -xq 'SERVICED_DOCKER_REGISTRY=.*' /etc/default/serviced; then

echo 'SERVICED_DOCKER_REGISTRY=localhost:5000' >> /etc/default/serviced

if [ "$THINPOOL_DEVICE" = "" ]; then

echo 'SERVICED_ALLOW_LOOP_BACK=true' >> /etc/default/serviced

green "Importing $ZENOSS_TYPE Docker images..."

systemctl restart docker --quiet

for IMAGE in $DOCKER_IMAGES; do

./$IMAGE -y &> /dev/null

IMAGE_NV=${IMAGE%%.run}

IMAGE_NV=${IMAGE_NV##install-}

IFS=":" read -ra IMAGE_INFO <<< "$IMAGE_NV"

IMAGE_NAME=$(echo ${IMAGE_INFO[0]} | tr '-' '.')

IMAGE_VERSION=${IMAGE_INFO[1]}

IMAGE_INSTALLED=$(docker images | grep $IMAGE_NAME | grep $IMAGE_VERSION)

if [ -z "$IMAGE_INSTALLED" ]; then

failure_prompt "Error importing $IMAGE."

done

green "Imported $ZENOSS_TYPE Docker images."

# Updating serviced will also upgrade Docker.

green "Upgrading serviced and dependencies..."

yum install -y --disablerepo=\* --enablerepo=zenoss-mirror ${RPM_SERVICED%%.rpm}

if [ $? -ne 0 ]; then

failure_prompt "Failed to upgrade serviced binary."

green "Upgraded serviced and dependencies."

DOCKER_CONF="/etc/systemd/system/docker.service.d/docker.conf"

if [ -f "$DOCKER_CONF" ]; then

# Switch Docker DNS to support Docker 1.9 upgrade.

DOCKER_DNS=$(ip addr show docker0 | grep inet | grep -v inet6 | awk '{print $2}' | awk -F / '{print $1}')

DOCKER_BIP=$DOCKER_DNS/24

sed -i -e "s;--dns=.*;--dns=$DOCKER_DNS --bip=$DOCKER_BIP;" "$DOCKER_CONF"

# Set Docker startup timeout

TimeoutSec=$(source $DOCKER_CONF &>/dev/null; echo $TimeoutSec)

if [ -z "$TimeoutSec" ]; then

echo "TimeoutSec=300" >> "$DOCKER_CONF"

elif [ "$TimeoutSec" -lt 300 ]; then

sed -i -e "s/TimeoutSec=.*/TimeoutSec=300/" "$DOCKER_CONF"

# Add devicemapper wait if not using thinpools

if [ "$THINPOOL_DEVICE" != "" ]; then

# Create thinpool check script

THINPOOL_SCRIPT=/root/appliance/docker-thinpool-check.sh

create_thinpool_check $THINPOOL_SCRIPT

THINPOOL_PRE=$(grep $THINPOOL_SCRIPT $DOCKER_CONF)

if [ -z "$THINPOOL_PRE" ]; then

echo "ExecStartPre=$THINPOOL_SCRIPT" >> "$DOCKER_CONF"

systemctl daemon-reload

if [ "$IS_MASTER" = "1" ]; then

# Serviced must be running for 'serviced docker sync' to succeed.

restart_serviced

serviced docker sync

green "Installing new service definition..."

yum install -y --disablerepo=\* --enablerepo=zenoss-mirror $RPM_IMPORT4 $RPM_SVCDEF 2> /dev/null

green "New service definition installed."

stop_all_services

# If this is the master, we cannot proceed with the upgrade until the agents have been upgraded first.

if [ "$IS_MASTER" = "1" ]; then

OLD_AGENTS=""

MY_INFO=$(serviced host list --show-fields=Addr,Release | grep $(ifconfig | awk '/inet / { print "-e" $2 }'))

if [ -z "$MY_INFO" ]; then

red "Could not determine this host's address and release. Cannot determine if all agents are updated."

echo

read -n1 -r -p "Press Enter to continue."

else

MY_IP=$(awk '{print $1}' <<< "$MY_INFO")

MY_RELEASE=$(awk '{print $2}' <<< "$MY_INFO")

AGENT_RELEASES=$(serviced host list --show-fields=Addr,Release | grep -v Addr | grep -v -F "$MY_IP")

OLD_AGENTS=$(grep -v -F $MY_RELEASE <<< "$AGENT_RELEASES")

if [ ! -z "$OLD_AGENTS" ]; then

red "This host appears to be the master host."

red "One or more agents do not appear to have been upgraded yet."

serviced host list --show-fields=Name,Addr,Release | grep -v -F $MY_IP

echo

failure_prompt "Please upgrade agent hosts first before upgrading this host."

# Pull the zenoss image, rsync to /root/5.Z.x

green "Updating" $ZENOSS_TYPE "..."

ZENOSS_5DOT=${ZENOSS_VERSION%?}x

docker run -it --rm -v /root:/mnt/root zenoss/${ZENOSS_IMAGE} rsync -a /root/${ZENOSS_5DOT} /mnt/root

sed -i -e "s/^SVC_USE zenoss\/${ZENOSS_SHORT}:5.* /SVC_USE zenoss\/${ZENOSS_IMAGE} /g" /root/${ZENOSS_5DOT}/upgrade-${ZENOSS_TYPE}.txt

/root/${ZENOSS_5DOT}/upgrade-${ZENOSS_TYPE}-${ZENOSS_5DOT}.sh

if [ $? -ne 0 ]; then

red "Error upgrading $ZENOSS_TYPE." >&2

failure_prompt "You may need to remove one or more preupgrade snapshots before retrying this upgrade."

green "Updated $ZENOSS_TYPE."

stop_all_services

systemctl stop serviced --quiet

green "$ZENOSS_TYPE upgraded successfully."

read -n1 -r -p "Press any key to reboot..."

systemctl unmask serviced

systemctl enable serviced

green Upgrade log stored at $LOGFILE.

reboot

The script was hanging every time, it had to stop all services with serviced daemon.

After a quick look, the interesting line was: serviced service status --show-fields 'Status' 2>/dev/null | grep -v "Stopped" | grep -v "Status" | grep -v ^[[:space:]]*$

During 60 retries, the result was “Running” but to go further, it should be “Stopped”.

One service was still running every time: zenmail

To stop the zenmail process:

 serviced service status

1	serviced service status

Name                             ServiceID                   Status    HC Fail   Uptime   RAM    Cur/Max/Avg                Hostname    InSync   DockerID
└─ucspm                          4bpw93i5acfbpgofx7fhdcts5   Stopped                      1G
  ├─Zenoss                       1wttgp70u7rr1hp5hsekaf5ok                                0
  │ ├─Events                     3fde50vxwmsv3iiaa9l7v6h6h                                0
  │ │ ├─zeneventd                2c1nj565tsud6xa6fmtar8ya9   Stopped                      1G
  │ │ ├─zenactiond               65zdx83tz84wg6zp7rhkz304v   Stopped                      1G
  │ │ └─zeneventserver           74l937xhigujnvuvyo9x4165g   Running   X         13m39s   4G     1.2G / 1.6G / 653.5M       MUT0257AV   Y        ab9b85560da0
  │ ├─Metrics                    59472xtm2k2vqvbc7k3vyluyj                                0
  │ │ ├─MetricShipper            amkmzv3usnv94yp87btyzgh0j   Stopped                      256M
  │ │ ├─MetricConsumer           ej4gfzjrsz8jbdfb7l31zefsj   Stopped                      1G
  │ │ └─CentralQuery             erw5pa9iwjjxmmvscvnqzycur   Stopped                      1G
  │ ├─User Interface             bi300eavwhrtfdd20h098ufpm                                0
  │ │ ├─zenjobs                  3raxfni42bz0ag0s1j6b2i9m9   Stopped                      1G
  │ │ ├─zenjserver               4cye93z8j2rvxv8oddn7bbn3y   Stopped                      1G
  │ │ ├─Zope                     d2keujmor79xfifa9kjlb93d7   Stopped                      1G
  │ │ └─Zauth                    emz4rt91lsrwf8mbx30h155wi   Stopped                      1G
  │ └─Collection                 cmwtkr56kpfw82ollsjww4ugx                                0
  │   └─localhost                agjty667yjci4rj530c4wir98                                0
  │     ├─zenhub                 2g6ilamrg1q2qby6j5ry1vne5   Stopped                      1G
  │     └─localhost              8ixkyatz9ozvd0zdxg8655i9w                                0
  │       ├─zenucsevents         1l5h6nxxqqg1ykjk4yokzog8w   Stopped                      1G
  │       ├─zenping              2yuckbqa6k4dquttb63citugb   Stopped                      1G
  │       ├─zenperfsnmp          36vqrbl3r5aeiupbwvbblr4ml   Stopped                      1G
  │       ├─zencommand           3nysn2vsmjkrbc41sl20n37o9   Stopped                      1G
  │       ├─zenmail              6bnlfl5qzog18j4mrnxszllyx   Stopped                      1G
  │       ├─zminion              7fs2tbiw227voujzjljiqpxn7   Stopped                      256M
  │       ├─zenvsphere           ae8pgjgpr4ci9r7cb20nfgvqq   Stopped                      1G
  │       ├─MetricShipper        bxl1uxunffbaqj5p41py43s02   Stopped                      1G
  │       ├─zenpython            cl48l5pn0jipt6jj61g51qe7a   Stopped                      1G
  │       ├─zenmodeler           cso37jg9vvki7zp35fm5vyxdx   Stopped                      1G
  │       ├─collectorredis       cw9y1ype76ufi3jn2o5371m7g   Stopped                      1G
  │       └─zenpropertymonitor   dzn0u3g09qf04t3e1fcki3j8r   Stopped                      256M
  └─Infrastructure               aopt5zq50uted7ptnd6avjvxe                                0
    ├─Imp4MariaDB                2grmsfeannpimx6pov02i3gt6   Stopped                      256M
    ├─mariadb-model              46f3tnue52nmrbnm07n0xkzdv   Running             13m41s   2G     537.2M / 1.9G / 1.8G       MUT0257AV   Y        ed3ea6b27095
    ├─memcached                  4qa68pzradzugromxq7umdb4v   Stopped                      1G
    ├─HBase                      5ume15fx1qxpjnldmhg4x7ct3                                0
    │ ├─ZooKeeper                15zzn6r3eysc48yv2byyfsppt   Stopped                      1G
    │ ├─HMaster                  7uqk4psp2132b3ro1j090c4gl   Stopped                      1G
    │ └─RegionServer             a9t5wbuv55ay7tflllb494wxm   Stopped                      1G
    ├─zencatalogservice          8idrd6dcauitv9hq08eyei8da   Running             13m39s   1G     457.8M / 684.3M / 607.6M   MUT0257AV   Y        64e11a487276
    ├─mariadb-events             8p5p25l8iqn3rz787h29blf5x   Running             13m40s   2G     1.3G / 1.3G / 497.4M       MUT0257AV   Y        46f85bb87ec1
    ├─RabbitMQ                   anzmn1arugpffve1ymt389ckn   Running             13m40s   256M   120.9M / 202.3M / 181.7M   MUT0257AV   Y        1c6f5a165921
    ├─opentsdb                   bnci6e2y1ctl48ol3pm3w8uav                                0
    │ ├─reader                   706zlrn2rsspwzeo4foippngt   Stopped                      1G
    │ └─writer                   agwas47rorq9rs2wcdpugziq    Stopped                      1G
    ├─Imp4OpenTSDB               dhjjbpd4vq7776q7zm4ubhatn   Stopped                      128M
    └─redis                      f3kbg6gtrkmfy7xb02365d5nv   Running             13m38s   1G     26M / 28M / 25.1M          MUT0257AV   Y        f3e651116e0c

Name ServiceID Status HC Fail Uptime RAM Cur/Max/Avg Hostname InSync DockerID

└─ucspm 4bpw93i5acfbpgofx7fhdcts5 Stopped 1G

├─Zenoss 1wttgp70u7rr1hp5hsekaf5ok 0

│ ├─Events 3fde50vxwmsv3iiaa9l7v6h6h 0

│ │ ├─zeneventd 2c1nj565tsud6xa6fmtar8ya9 Stopped 1G

│ │ ├─zenactiond 65zdx83tz84wg6zp7rhkz304v Stopped 1G

│ │ └─zeneventserver 74l937xhigujnvuvyo9x4165g Running X 13m39s 4G 1.2G / 1.6G / 653.5M MUT0257AV Y ab9b85560da0

│ ├─Metrics 59472xtm2k2vqvbc7k3vyluyj 0

│ │ ├─MetricShipper amkmzv3usnv94yp87btyzgh0j Stopped 256M

│ │ ├─MetricConsumer ej4gfzjrsz8jbdfb7l31zefsj Stopped 1G

│ │ └─CentralQuery erw5pa9iwjjxmmvscvnqzycur Stopped 1G

│ ├─User Interface bi300eavwhrtfdd20h098ufpm 0

│ │ ├─zenjobs 3raxfni42bz0ag0s1j6b2i9m9 Stopped 1G

│ │ ├─zenjserver 4cye93z8j2rvxv8oddn7bbn3y Stopped 1G

│ │ ├─Zope d2keujmor79xfifa9kjlb93d7 Stopped 1G

│ │ └─Zauth emz4rt91lsrwf8mbx30h155wi Stopped 1G

│ └─Collection cmwtkr56kpfw82ollsjww4ugx 0

│ └─localhost agjty667yjci4rj530c4wir98 0

│ ├─zenhub 2g6ilamrg1q2qby6j5ry1vne5 Stopped 1G

│ └─localhost 8ixkyatz9ozvd0zdxg8655i9w 0

│ ├─zenucsevents 1l5h6nxxqqg1ykjk4yokzog8w Stopped 1G

│ ├─zenping 2yuckbqa6k4dquttb63citugb Stopped 1G

│ ├─zenperfsnmp 36vqrbl3r5aeiupbwvbblr4ml Stopped 1G

│ ├─zencommand 3nysn2vsmjkrbc41sl20n37o9 Stopped 1G

│ ├─zenmail 6bnlfl5qzog18j4mrnxszllyx Stopped 1G

│ ├─zminion 7fs2tbiw227voujzjljiqpxn7 Stopped 256M

│ ├─zenvsphere ae8pgjgpr4ci9r7cb20nfgvqq Stopped 1G

│ ├─MetricShipper bxl1uxunffbaqj5p41py43s02 Stopped 1G

│ ├─zenpython cl48l5pn0jipt6jj61g51qe7a Stopped 1G

│ ├─zenmodeler cso37jg9vvki7zp35fm5vyxdx Stopped 1G

│ ├─collectorredis cw9y1ype76ufi3jn2o5371m7g Stopped 1G

│ └─zenpropertymonitor dzn0u3g09qf04t3e1fcki3j8r Stopped 256M

└─Infrastructure aopt5zq50uted7ptnd6avjvxe 0

├─Imp4MariaDB 2grmsfeannpimx6pov02i3gt6 Stopped 256M

├─mariadb-model 46f3tnue52nmrbnm07n0xkzdv Running 13m41s 2G 537.2M / 1.9G / 1.8G MUT0257AV Y ed3ea6b27095

├─memcached 4qa68pzradzugromxq7umdb4v Stopped 1G

├─HBase 5ume15fx1qxpjnldmhg4x7ct3 0

│ ├─ZooKeeper 15zzn6r3eysc48yv2byyfsppt Stopped 1G

│ ├─HMaster 7uqk4psp2132b3ro1j090c4gl Stopped 1G

│ └─RegionServer a9t5wbuv55ay7tflllb494wxm Stopped 1G

├─zencatalogservice 8idrd6dcauitv9hq08eyei8da Running 13m39s 1G 457.8M / 684.3M / 607.6M MUT0257AV Y 64e11a487276

├─mariadb-events 8p5p25l8iqn3rz787h29blf5x Running 13m40s 2G 1.3G / 1.3G / 497.4M MUT0257AV Y 46f85bb87ec1

├─RabbitMQ anzmn1arugpffve1ymt389ckn Running 13m40s 256M 120.9M / 202.3M / 181.7M MUT0257AV Y 1c6f5a165921

├─opentsdb bnci6e2y1ctl48ol3pm3w8uav 0

│ ├─reader 706zlrn2rsspwzeo4foippngt Stopped 1G

│ └─writer agwas47rorq9rs2wcdpugziq Stopped 1G

├─Imp4OpenTSDB dhjjbpd4vq7776q7zm4ubhatn Stopped 128M

└─redis f3kbg6gtrkmfy7xb02365d5nv Running 13m38s 1G 26M / 28M / 25.1M MUT0257AV Y f3e651116e0c

Select the serviceID and execute the following command:

serviced service stop 6bnlfl5qzog18j4mrnxszllyx

Then wait till the end of the upgrade process and enjoy your upgraded UCS Performance Manager (and thanks Cisco for not providing any kind of document for the upgrade …).

Cisco Prime Service Catalog – Management Console of ServiceCatalog on Active Directory

Instead of passwords managed locally,

It’s time to use an LDAP/Active Directory to be able to manage users without restarting the Prime Service Catalog.

This modification has been done on a Custom Installation of Cisco Prime Service Catalog 11.1.1 Patch 3 and should be compatible with 11.2 (future version) as well.

First, make a backup of your configuration directory (on our environment, we use git with gitlab Community Edition, to keep an history of all our modifications).

Location: /opt/cisco-psc/wildfly-8.2.0.Final/ServiceCatalogServer/configuration

File to edit: standalone-full.xml

Edit the section security-realm and change the subsection ManagementRealm like this:

        <security-realms>
            <security-realm name="ManagementRealm">
                <authentication>
                        <jaas name="YOUR_SECURITY_DOMAIN"/>
                </authentication>
            </security-realm>
            <security-realm name="ApplicationRealm">
                <authentication>
                    <local default-user="$local"/>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
        </security-realms>

<security-realms>

<security-realm name="ManagementRealm">

</authentication>

</security-realm>

<security-realm name="ApplicationRealm">

</authentication>

</security-realm>

</security-realms>

Edith the section security-domains and add a subsection security-domain like this:

                 <security-domain name="YOUR_SECURITY_DOMAIN" cache-type="default">
                     <authentication>
                         <login-module code="LdapExtended" flag="required">
                             <module-option name="java.naming.provider.url" value="ldap://YOUR_ACTIVEDIRECTORY_SERVER:389/"/>
                             <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                             <module-option name="java.naming.security.authentication" value="simple"/>
                             <module-option name="java.naming.referral" value="follow"/>
                             <module-option name="bindDN" value="USERNAME@ACTIVEDIRECTORY_DOMAIN"/>
                             <module-option name="bindCredential" value="PASSWORD"/>
                             <module-option name="baseCtxDN" value="OU=Users,OU=...,DC=ACTIVEDIRECTORY,DC=DOMAIN"/>
                             <module-option name="baseFilter" value="(sAMAccountName={0})"/>
                             <module-option name="roleAttributeID" value="memberOf"/>
                             <module-option name="roleAttributeIsDN" value="true"/>
                             <module-option name="rolesCtxDN" value="OU=Groups,OU=...,DC=ACTIVEDIRECTORY,DC=DOMAIN"/>
                             <module-option name="roleFilter" value="(member={1})"/>
                             <module-option name="roleNameAttributeID" value="cn"/>
                             <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                             <module-option name="roleRecursion" value="5"/>
                         </login-module>
                         <login-module code="RoleMapping" flag="optional">
                             <module-option name="rolesProperties" value="file:///${jboss.server.config.dir}/AD_GroupsMapping.properties"/>
                             <module-option name="replaceRole" value="true"/>
                         </login-module>
                     </authentication>
                 </security-domain>

<security-domain name="YOUR_SECURITY_DOMAIN" cache-type="default">

<login-module code="LdapExtended" flag="required">

<module-option name="java.naming.provider.url" value="ldap://YOUR_ACTIVEDIRECTORY_SERVER:389/"/>

<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

<module-option name="java.naming.security.authentication" value="simple"/>

<module-option name="java.naming.referral" value="follow"/>

<module-option name="bindDN" value="USERNAME@ACTIVEDIRECTORY_DOMAIN"/>

<module-option name="bindCredential" value="PASSWORD"/>

<module-option name="baseCtxDN" value="OU=Users,OU=...,DC=ACTIVEDIRECTORY,DC=DOMAIN"/>

<module-option name="baseFilter" value="(sAMAccountName={0})"/>

<module-option name="roleAttributeID" value="memberOf"/>

<module-option name="roleAttributeIsDN" value="true"/>

<module-option name="rolesCtxDN" value="OU=Groups,OU=...,DC=ACTIVEDIRECTORY,DC=DOMAIN"/>

<module-option name="roleFilter" value="(member={1})"/>

<module-option name="roleNameAttributeID" value="cn"/>

<module-option name="searchScope" value="SUBTREE_SCOPE"/>

<module-option name="roleRecursion" value="5"/>

</login-module>

<login-module code="RoleMapping" flag="optional">

<module-option name="rolesProperties" value="file:///${jboss.server.config.dir}/AD_GroupsMapping.properties"/>

<module-option name="replaceRole" value="true"/>

</login-module>

</authentication>

</security-domain>

And a file AD_GroupsMapping.properties containing the mapping between a specific usersgroup and the management group in Wildfly like this:

CPSC_Administrators=admin,developer,analyst,manager,user,rest-all

1	CPSC_Administrators=admin,developer,analyst,manager,user,rest-all

Then restart the Service Catalog with systemctl restart servicecatalog

And you should be able to log in with an user defined on your LDAP/ActiveDIrectory server.

Add JAVA libraries in Cisco UCS Director 5.5

In the file “inframgr.env”, located in “/opt/infra/bin/”:

[root@ucsd5.5 ~]# cat /opt/infra/bin/inframgr.env
#!/bin/bash

SVC=inframgr

. /opt/infra/bin/svcmgr.env

# Memory settings
MEMORY_MIN=128m
MEMORY_MAX=6144m

# JMX settings
JMX_PORT=11006
JMX_SERVICE_BINDING=local
#buildJmxOpts

SVC_JAR="$SVC.jar"
MAIN_CLASS=com.cloupia.service.cIM.inframgr.InfraMgrMain

# Jars to be overrided in CLASSPATH
ORDERED_JARS="vijava60compat.jar:vijava55b20130927.jar:/opt/visualstation/jaxrs-ri/ext/org.osgi.core-4.2.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.servlet-api-3.0.1.jar:/opt/visualstation/jaxrs-ri/ext/javassist-3.18.1-GA.jar:/opt/visualstation/jaxrs-ri/ext/hk2-locator-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/hk2-utils-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/aopalliance-repackaged-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/asm-debug-all-5.0.4.jar:/opt/visualstation/jaxrs-ri/ext/jersey-guava-2.22.2.jar:/opt/visualstation/jaxrs-ri/ext/javax.annotation-api-1.2.jar:/opt/visualstation/jaxrs-ri/ext/hk2-api-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/persistence-api-1.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.inject-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/jaxb-api-2.2.7.jar:/opt/visualstation/jaxrs-ri/ext/osgi-resource-locator-1.0.1.jar:/opt/visualstation/jaxrs-ri/ext/validation-api-1.1.0.Final.jar:/opt/visualstation/jaxrs-ri/lib/jersey-media-jaxb.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet-core.jar:/opt/visualstation/jaxrs-ri/lib/jersey-client.jar:/opt/visualstation/jaxrs-ri/lib/jersey-common.jar:/opt/visualstation/jaxrs-ri/lib/jersey-server.jar:/opt/visualstation/jaxrs-ri/api/javax.ws.rs-api-2.0.1.jar"
buildClasspath

# Remote debugging settings
#REMOTE_DEBUG_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8006,server=y,suspend=n"

JVM_ARGS="-DSVC=$SVC -Xms$MEMORY_MIN -Xmx$MEMORY_MAX $REMOTE_DEBUG_OPTS -Djava.security.manager -Djava.security.policy=security.policy -DpreInitSchema=true -verbose:gc -Dfile.encoding=UTF-8 $JMX_OPTS"

# Other JVM args/options
OTHER_JVM_ARGS=""

SVC_CMD="java $JVM_ARGS $OTHER_JVM_ARGS $CLASSPATH $MAIN_CLASS"

[root@ucsd5.5 ~]#

[root@ucsd5.5 ~]# cat /opt/infra/bin/inframgr.env

#!/bin/bash

SVC=inframgr

. /opt/infra/bin/svcmgr.env

# Memory settings

MEMORY_MIN=128m

MEMORY_MAX=6144m

# JMX settings

JMX_PORT=11006

JMX_SERVICE_BINDING=local

#buildJmxOpts

SVC_JAR="$SVC.jar"

MAIN_CLASS=com.cloupia.service.cIM.inframgr.InfraMgrMain

# Jars to be overrided in CLASSPATH

ORDERED_JARS="vijava60compat.jar:vijava55b20130927.jar:/opt/visualstation/jaxrs-ri/ext/org.osgi.core-4.2.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.servlet-api-3.0.1.jar:/opt/visualstation/jaxrs-ri/ext/javassist-3.18.1-GA.jar:/opt/visualstation/jaxrs-ri/ext/hk2-locator-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/hk2-utils-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/aopalliance-repackaged-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/asm-debug-all-5.0.4.jar:/opt/visualstation/jaxrs-ri/ext/jersey-guava-2.22.2.jar:/opt/visualstation/jaxrs-ri/ext/javax.annotation-api-1.2.jar:/opt/visualstation/jaxrs-ri/ext/hk2-api-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/persistence-api-1.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.inject-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/jaxb-api-2.2.7.jar:/opt/visualstation/jaxrs-ri/ext/osgi-resource-locator-1.0.1.jar:/opt/visualstation/jaxrs-ri/ext/validation-api-1.1.0.Final.jar:/opt/visualstation/jaxrs-ri/lib/jersey-media-jaxb.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet-core.jar:/opt/visualstation/jaxrs-ri/lib/jersey-client.jar:/opt/visualstation/jaxrs-ri/lib/jersey-common.jar:/opt/visualstation/jaxrs-ri/lib/jersey-server.jar:/opt/visualstation/jaxrs-ri/api/javax.ws.rs-api-2.0.1.jar"

buildClasspath

# Remote debugging settings

#REMOTE_DEBUG_OPTS="-Xdebug -Xrunjdwp:transport=dt_socket,address=8006,server=y,suspend=n"

JVM_ARGS="-DSVC=$SVC -Xms$MEMORY_MIN -Xmx$MEMORY_MAX $REMOTE_DEBUG_OPTS -Djava.security.manager -Djava.security.policy=security.policy -DpreInitSchema=true -verbose:gc -Dfile.encoding=UTF-8 $JMX_OPTS"

# Other JVM args/options

OTHER_JVM_ARGS=""

SVC_CMD="java $JVM_ARGS $OTHER_JVM_ARGS $CLASSPATH $MAIN_CLASS"

[root@ucsd5.5 ~]#

Add in the variable ORDERED_JARS, the path of all your libraries.

Example here, we added the Jersey Client Libraries:

/opt/visualstation/jaxrs-ri/ext/org.osgi.core-4.2.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.servlet-api-3.0.1.jar:/opt/visualstation/jaxrs-ri/ext/javassist-3.18.1-GA.jar:/opt/visualstation/jaxrs-ri/ext/hk2-locator-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/hk2-utils-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/aopalliance-repackaged-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/asm-debug-all-5.0.4.jar:/opt/visualstation/jaxrs-ri/ext/jersey-guava-2.22.2.jar:/opt/visualstation/jaxrs-ri/ext/javax.annotation-api-1.2.jar:/opt/visualstation/jaxrs-ri/ext/hk2-api-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/persistence-api-1.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.inject-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/jaxb-api-2.2.7.jar:/opt/visualstation/jaxrs-ri/ext/osgi-resource-locator-1.0.1.jar:/opt/visualstation/jaxrs-ri/ext/validation-api-1.1.0.Final.jar:/opt/visualstation/jaxrs-ri/lib/jersey-media-jaxb.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet-core.jar:/opt/visualstation/jaxrs-ri/lib/jersey-client.jar:/opt/visualstation/jaxrs-ri/lib/jersey-common.jar:/opt/visualstation/jaxrs-ri/lib/jersey-server.jar:/opt/visualstation/jaxrs-ri/api/javax.ws.rs-api-2.0.1.jar

/opt/visualstation/jaxrs-ri/ext/org.osgi.core-4.2.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.servlet-api-3.0.1.jar:/opt/visualstation/jaxrs-ri/ext/javassist-3.18.1-GA.jar:/opt/visualstation/jaxrs-ri/ext/hk2-locator-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/hk2-utils-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/aopalliance-repackaged-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/asm-debug-all-5.0.4.jar:/opt/visualstation/jaxrs-ri/ext/jersey-guava-2.22.2.jar:/opt/visualstation/jaxrs-ri/ext/javax.annotation-api-1.2.jar:/opt/visualstation/jaxrs-ri/ext/hk2-api-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/persistence-api-1.0.jar:/opt/visualstation/jaxrs-ri/ext/javax.inject-2.4.0-b34.jar:/opt/visualstation/jaxrs-ri/ext/jaxb-api-2.2.7.jar:/opt/visualstation/jaxrs-ri/ext/osgi-resource-locator-1.0.1.jar:/opt/visualstation/jaxrs-ri/ext/validation-api-1.1.0.Final.jar:/opt/visualstation/jaxrs-ri/lib/jersey-media-jaxb.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet.jar:/opt/visualstation/jaxrs-ri/lib/jersey-container-servlet-core.jar:/opt/visualstation/jaxrs-ri/lib/jersey-client.jar:/opt/visualstation/jaxrs-ri/lib/jersey-common.jar:/opt/visualstation/jaxrs-ri/lib/jersey-server.jar:/opt/visualstation/jaxrs-ri/api/javax.ws.rs-api-2.0.1.jar

Save the file and then call /opt/shelladmin

Node:Standalone | Version:5.5.0.0 | UpTime:  08:37:23 up 113 days, 23:11

1)  Change ShellAdmin Password
2)  Display Services Status
3)  Stop Services
4)  Start Services
5)  Stop Database
6)  Start Database
7)  Backup Database
8)  Restore Database
9)  Time Sync
10) Ping Hostname/IP Address
11) Show Version
12) Generate Self-Signed Certificate and Certificate Signing Request
13) Import CA/Self-Signed Certificate
14) Configure Network Interface
15) Display Network Details
16) Enable Database for Cisco UCS Director Baremetal Agent
17) Add Cisco UCS Director Baremetal Agent Hostname/IP
18) Tail Inframgr Logs
19) Apply Patch
20) Shutdown Appliance
21) Reboot Appliance
22) Manage Root Access
23) Login as Root
24) Configure Multi Node Setup (Advanced Deployment)
25) Clean-up Patch Files
26) Collect logs from a Node
27) Collect Diagnostics
28) Quit

SELECT>

Node:Standalone | Version:5.5.0.0 | UpTime: 08:37:23 up 113 days, 23:11

1) Change ShellAdmin Password

2) Display Services Status

3) Stop Services

4) Start Services

5) Stop Database

6) Start Database

7) Backup Database

8) Restore Database

9) Time Sync

10) Ping Hostname/IP Address

11) Show Version

12) Generate Self-Signed Certificate and Certificate Signing Request

13) Import CA/Self-Signed Certificate

14) Configure Network Interface

15) Display Network Details

16) Enable Database for Cisco UCS Director Baremetal Agent

17) Add Cisco UCS Director Baremetal Agent Hostname/IP

18) Tail Inframgr Logs

19) Apply Patch

20) Shutdown Appliance

21) Reboot Appliance

22) Manage Root Access

23) Login as Root

24) Configure Multi Node Setup (Advanced Deployment)

25) Clean-up Patch Files

26) Collect logs from a Node

27) Collect Diagnostics

28) Quit

SELECT>

Stop Services and Start Services.

Wait until the “cloud page” has disappeared.

Cisco Prime Service Catalog stop working after JAVA upgrade

Have a look at: /opt/CiscoPrimeServiceCatalog and in the directory bin ,

open the file setEnv.sh and you should have something like this:

#!/bin/bash
#==============================================================================
# Copyright (c) 1999, 2011, 2013 Cisco Systems, Inc.
# All rights reserved worldwide.
#
# setEnv.sh - Sets up the environment for various command-line utilities.
#
#==============================================================================

JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre
export JAVA_HOME

RC_HOME=/opt/CiscoPrimeServiceCatalog
export RC_HOME

JBOSS_HOME=/opt/CiscoPrimeServiceCatalog/wildfly-8.2.0.Final
export JBOSS_HOME

CONTROLLER_TYPE=$CONTROLLER_TYPE$
export CONTROLLER_TYPE

#!/bin/bash

#==============================================================================

# setEnv.sh - Sets up the environment for various command-line utilities.

#==============================================================================

JAVA_HOME=/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre

export JAVA_HOME

RC_HOME=/opt/CiscoPrimeServiceCatalog

export RC_HOME

JBOSS_HOME=/opt/CiscoPrimeServiceCatalog/wildfly-8.2.0.Final

export JBOSS_HOME

CONTROLLER_TYPE=$CONTROLLER_TYPE$

export CONTROLLER_TYPE

and change the variable JAVA_HOME with the new path of your JAVA jre.

Tips

Use the command update-alternatives --display java

java - status is auto.
 link currently points to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java
/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java - priority 1700101
 slave keytool: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/keytool
 slave orbd: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/orbd
 slave pack200: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/pack200
 slave rmid: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/rmid
 slave rmiregistry: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/rmiregistry
 slave servertool: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/servertool
 slave tnameserv: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/tnameserv
 slave unpack200: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/unpack200
 slave jre_exports: /usr/lib/jvm-exports/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64
 slave jre: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre
 slave java.1.gz: /usr/share/man/man1/java-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
 slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz
Current `best' version is /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java.

java - status is auto.

link currently points to /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java

/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java - priority 1700101

slave keytool: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/keytool

slave orbd: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/orbd

slave pack200: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/pack200

slave rmid: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/rmid

slave rmiregistry: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/rmiregistry

slave servertool: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/servertool

slave tnameserv: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/tnameserv

slave unpack200: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/unpack200

slave jre_exports: /usr/lib/jvm-exports/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64

slave jre: /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre

slave java.1.gz: /usr/share/man/man1/java-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave keytool.1.gz: /usr/share/man/man1/keytool-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave orbd.1.gz: /usr/share/man/man1/orbd-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave pack200.1.gz: /usr/share/man/man1/pack200-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave rmid.1.gz: /usr/share/man/man1/rmid-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave rmiregistry.1.gz: /usr/share/man/man1/rmiregistry-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave servertool.1.gz: /usr/share/man/man1/servertool-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave tnameserv.1.gz: /usr/share/man/man1/tnameserv-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

slave unpack200.1.gz: /usr/share/man/man1/unpack200-java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64.1.gz

Current `best' version is /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre/bin/java.

Take the value following the Current ‘best’ version /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.101-2.6.6.1.el7_2.x86_64/jre

Get vmId by vmName in Cloupia Script

How to get the Virtual Machine Identity (vmId) with its name.

Create a custom task with this code:

importPackage(java.util);
importPackage(java.lang);
importPackage(java.io);
importPackage(com.cloupia.lib.util);
importPackage(com.cloupia.service.cIM.inframgr);
importPackage(com.cloupia.model.cEvent.notify);
importPackage(com.cloupia.lib.util.mail);
importPackage(com.cloupia.fw.objstore);
importPackage(com.cloupia.lib.util.managedreports);
importPackage(com.cloupia.model.cIM);

logger.addInfo("Looking for vmId of " + input.VMname);
try {
  // Call Static Function getVMByVMName from InfraPersistenceUtil
  // ... I like the documentation from Cisco ... Empty
  var gvm = InfraPersistenceUtil.getVMByVMName(input.accountName,input.VMname);
  if(gvm != null){
    logger.addInfo("Virtual Machine Status: " + gvm.getStatus());
    logger.addInfo("Guest OS: " + gvm.getGuestOS());
    logger.addInfo("Virtual Machine ID: " + gvm.getVmId());
    output.vmId = gvm.getVmId();
    output.VMSelector = gvm.getVmId();
  } else {
    ctxt.setFailed("(NULL) The virtual machine " + input.VMname + " doesn't exist !");
  }
}
catch(e) {
  logger.addError("Error when looking for a vmId. (" + e + ")");
  ctxt.setFailed("The virtual machine " + input.VMname + " doesn't exist !");
} finally {
  
}

importPackage(java.util);

importPackage(java.lang);

importPackage(java.io);

importPackage(com.cloupia.lib.util);

importPackage(com.cloupia.service.cIM.inframgr);

importPackage(com.cloupia.model.cEvent.notify);

importPackage(com.cloupia.lib.util.mail);

importPackage(com.cloupia.fw.objstore);

importPackage(com.cloupia.lib.util.managedreports);

importPackage(com.cloupia.model.cIM);

logger.addInfo("Looking for vmId of " + input.VMname);

try {

// Call Static Function getVMByVMName from InfraPersistenceUtil

// ... I like the documentation from Cisco ... Empty

var gvm = InfraPersistenceUtil.getVMByVMName(input.accountName,input.VMname);

if(gvm != null){

logger.addInfo("Virtual Machine Status: " + gvm.getStatus());

logger.addInfo("Guest OS: " + gvm.getGuestOS());

logger.addInfo("Virtual Machine ID: " + gvm.getVmId());

output.vmId = gvm.getVmId();

output.VMSelector = gvm.getVmId();

} else {

ctxt.setFailed("(NULL) The virtual machine " + input.VMname + " doesn't exist !");

}

catch(e) {

logger.addError("Error when looking for a vmId. (" + e + ")");

ctxt.setFailed("The virtual machine " + input.VMname + " doesn't exist !");

} finally {

}

Inputs:

VMname (Virtual machine Name) in a string
accountName (vCenter Account Name in UCS Director)

Outputs:

vmId (Virtual Machine Identity for UCS Director)

Cisco UCS Director – Hello World in Cloupia script

Cloupia script is THE scripting language from Cisco UCS Director.

Cloupia is a mix between Javascript and Java. The code is interpreted by Nashorn (the Javascript engine from JRE/JDK).

importPackage(java.lang);

var sHelloWorld = "Hello the world !";

logger.addInfo(sHelloWorld);

importPackage(java.lang);

var sHelloWorld = "Hello the world !";

logger.addInfo(sHelloWorld);

imporPackage has the same role as import from a pure Java code.

import java.lang.* is in cloupia importPackage(java.lang);

LibreNMS with NGINX, rSyslog and …

How to configure rSyslog to send all remote logs into LibreNMS

First create the following config inside “/etc/rsyslog.d/”

Continue reading “LibreNMS with NGINX, rSyslog and …”