- Configure the Network Protocol Profile on the vCenter according to: https://www.virtualthoughts.co.uk/2020/03/29/rancher-vsphere-network-protocol-profiles-and-static-ip-addresses-for-k8s-nodes/
- Create a service user with the respective global and folder-specific permissions: https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/creating-credentials/
- Besides the vCenter role permissions from the official Rancher documentation, the following ones must be granted in order to configure the nodes via vApp options:
  - Content Library: Read storage
  - Extension: Register extension
  - vSphere Tagging: Assign or Unassign vSphere Tag on Object
Quick and dirty guide on how to get Apache Guacamole up and running in combination with VNC.
sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
# Set the variable inside sudo: with env_reset, sudo drops DEBIAN_FRONTEND when it is set outside
sudo env DEBIAN_FRONTEND=noninteractive apt install -y freerdp2-dev freerdp2-x11
Save the file nic-isolation.service to /etc/systemd/system/nic-isolation.service.
Afterwards reload the systemd daemon and enable & start the "service":
sudo systemctl daemon-reload
sudo systemctl enable nic-isolation.service
sudo systemctl start nic-isolation.service
By default, Linux ignores broadcast and multicast ICMP messages, so you first need to enable responses to them:
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0
To join any multicast address (e.g. 224.10.10.10/24), just add it to your active interface (e.g. eth0) and append the keyword autojoin at the end:
Rancher's official documentation on how to configure the Rancher <> KeyCloak setup is fine, but definitely not sufficient to configure it successfully (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/). That's why every single required step is documented here.
I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.
- Login as admin on https://keycloak.example.com/. Important: It's crucial that in KeyCloak the same username exists as you use as admin user on Rancher. Since I just use the admin account in this guide, this prerequisite is already achieved.
- Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
  - Client ID: https://rancher.example.com/v1-saml/keycloak/saml/metadata
Use the following commands to add a security device module to Firefox. Ensure Firefox is closed while running these commands! modutil comes with the installation of libnss3-tools.
securityModuleDeviceName="My Awesome Module"
securityModulePath="/usr/lib/libBlaBla.so"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for devicedDB in $(find ~/.mozilla* -name "cert9.db")
do
    # Quote the path so profile directories containing spaces are handled by dirname
    certDir=$(dirname "${devicedDB}")
Use the following commands to add CA certificates to the Firefox truststore via command line. Ensure Firefox is closed while running these commands! certutil comes with the installation of libnss3-tools.
certificateFileRoot="root.crt"
certificateNameRoot="Root CA"
certificateFileInter="intermediate.crt"
certificateNameInter="Intermediate CA"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for certDB in $(find ~/.mozilla* -name "cert9.db")
feature netflow
flow exporter elastic-exp
  description elasticsearch exporter
  destination 10.10.10.10 use-vrf XY
  transport udp 9995
  source Vlan123
  dscp 0
  version 9
version: "3.7"
services:
  backend:
    image: registry.example.com/my-example-docker-image:stable
    restart: always
    hostname: my-example-service.example.com
    environment:
      TZ: Europe/Zurich
    env_file: