- Configure the Network Protocol Profile on the vCenter according to: https://www.virtualthoughts.co.uk/2020/03/29/rancher-vsphere-network-protocol-profiles-and-static-ip-addresses-for-k8s-nodes/
- Ensure to create a service user with the regarding global and folder specific permissions: https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/node-pools/vsphere/provisioning-vsphere-clusters/creating-credentials/
- Beside the vCenter role permissions from the official Rancher documentation, the following ones need to be provided in order to configure the Nodes via vApp options:
- Content Library: Read storage
- Extension: Register extension
- Beside the vCenter role permissions from the official Rancher documentation, the following ones need to be provided in order to configure the Nodes via vApp options:
- vSphere Tagging: Assign or Unassign vSphere Tag on Object
Philip Schmid PhilipSchmid
PhilipSchmid
/ 0-rancher-vsphere-setup.md
Last active
August 1, 2023 17:47
How to set up a Rancher K8s cluster on VMware (incl. vSphere StorageClass)
PhilipSchmid
/ clientless-linux-remote-access.md
Last active
February 25, 2022 10:49
Using Apache Guacamole in combination with VNC for clientless Linux remote access
Quick and dirty guide how to get Apache Guacamole in combination with VNC up and running.
sudo add-apt-repository -y ppa:remmina-ppa-team/freerdp-daily
sudo apt update
env DEBIAN_FRONTEND=noninteractive sudo apt install -y freerdp2-dev freerdp2-x11
PhilipSchmid
/ nic-isolation-readme.md
Last active
April 29, 2020 11:30
Automatically add Linux NIC to namespace at system boot (e.g. used for Ethernet USB dongles with dynamic identifier)
Save the file nic-isolation.service to /etc/systemd/system/nic-isolation.service.
Afterwards reload the systemd daemon and enable & start the "service":
sudo systemctl daemon-reload
sudo systemctl enable nic-isolation.service
sudo systemctl start nic-isolation.service
PhilipSchmid
/ multicast-on-linux.md
Last active
March 18, 2024 14:36
Testing Multicast Traffic on Linux
By default Linux ignores Broadcast and Multicast ICMP messages. That's why you need to enable it first:
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=0To join any mutlicast address (e.g. 224.10.10.10/24) just add it to your active interface (e.g. eth0) and append the keyword autojoin at the end:
PhilipSchmid
/ rancher-keycloak-idp-configuration.md
Last active
January 11, 2024 06:42
Rancher v2.X KeyCloak Authentication Backend Configuration
Ranchers official documentation about how to configure the Rancher <> KeyCloak setup is fine but definitely not sufficient to successfully configure it (https://rancher.com/docs/rancher/v2.x/en/admin-settings/authentication/keycloak/). That's the reason why here every single required step is documented down here.
I simply use the default master realm for the Rancher client. Nevertheless, it would sometimes absolutely make sense to use a custom KeyCloak realm.
- Login as
adminon https://keycloak.example.com/. Important: It's crucial that in KeyCloak the same username exists as you use as admin user on Rancher. Since I just use theadminaccount in this guide, this prerequisite is already achieved. - Create a new client under https://keycloak.example.com/auth/admin/master/console/#/realms/master/clients
Client ID:https://rancher.example.com/v1-saml/keycloak/saml/metadata
PhilipSchmid
/ traefik-docker-compose.tmpl.md
Last active
August 27, 2019 09:21
PhilipSchmid
/ Firefox_Security_Device.md
Created
December 20, 2018 09:24
Use the following commands to add a security device module to Firefox. Ensure Firefox is closed while running these commands! modutil comes with the installation of libnss3-tools.
securityModuleDeviceName="My Awesome Module"
securityModulePath="/usr/lib/libBlaBla.so"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for devicedDB in $(find ~/.mozilla* -name "cert9.db")
do
certDir=$(dirname ${devicedDB});
PhilipSchmid
/ Firefox_CA_Truststore.md
Last active
December 20, 2018 09:23
Use the following commands to add CA certificates to the Firefox truststore via command line. Ensure Firefox is closed while running these commands! certutil comes with the installation of libnss3-tools.
certificateFileRoot="root.crt"
certificateNameRoot="Root CA"
certificateFileInter="intermediate.crt"
certificateNameInter="Intermediate CA"
# We use cert9.db and "sql:..." since cert8.db is in the legacy format
for certDB in $(find ~/.mozilla* -name "cert9.db")
PhilipSchmid
/ netflow.md
Created
December 19, 2018 08:47
Cisco IPv4 and IPv6 Netflow Example Configuration (Nexus 5k)
feature netflow
flow exporter elastic-exp
description elasticsearch exporter
destination 10.10.10.10 use-vrf XY
transport udp 9995
source Vlan123
dscp 0
version 9
PhilipSchmid
/ docker-compose.tmpl.yml
Created
August 13, 2018 15:44
docker-compose.yml template which covers most of the configurations which are used from time to time
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3.7" | |
| services: | |
| backend: | |
| image: registry.example.com/my-example-docker-image:stable | |
| restart: always | |
| hostname: my-example-service.example.com | |
| environment: | |
| TZ: Europe/Zurich | |
| env_file: |