And here begins the tech portion of the blog.

We’re rolling out the first phase of our virtualization project. We’re going with VMware Server (their free product - used to be GSX Server) and (hopefully) VMware VirtualCenter (centralized management of GSX). We bought five Dell PowerEdge 1950s with dual quad-core Xeons, 16GB RAM, 136GB 15k SAS drives, and TOE NICs.

The servers are all racked, and we went ahead and loaded CentOS 5 64 bit. Everything went well, and I loaded VMware Server on all of the boxes.

I wanted to see if I could get VMware to authenticate against our Active Directory. Since I have a fleet of Red Hat and CentOS boxes that do that, I figured it would be pretty easy. Just install OpenLDAP, put an SSL cert on the box, set up the LDAP and PAM config files, and voila. Well, it turned out to be not so easy.

First off, there was some weird problem with the architecture of the OpenSSL RPMs that ship on CentOS by default. It seems that the OpenSSL x86_64 package gets loaded, but when you try to load OpenLDAP, it wants to install OpenSSL.i686, and the two packages conflict on man pages. It’s apparently a bug in CentOS (Red Hat?) with a pretty lousy “workaround” that doesn’t help if you’re trying to load something like OpenLDAP. The weird thing is, I had some boxes that would show (presumably) both arch versions of OpenSSL installed by default:

[root@vmsvr2 ~]# rpm -q openssl
openssl-0.9.8b-8.3.el5
openssl-0.9.8b-8.3.el5

and others that would show it only having one:

[root@vmsvr3 ~]# rpm -q openssl
openssl-0.9.8b-8.3.el5

The boxes are all identical, and built at the same time. The only thing that I can think of that differed was that I did a text mode install on vmsvr2 and a graphical on vmsvr3. I reinstalled CentOS in text mode on vmsvr3 and 4 and they both ended up getting both the i686 and x86_64 versions loaded during the install.

Finally, I got LDAP authentication working on two of the boxes, but on vmware4 when you try to log in, LDAP authenticates you (can be seen in tcpdump as well as in /var/log/secure) but then the login hangs. I attempted an strace today, but being a newbie to that I am going to have to ask some more experienced people tomorrow.

I wish I had accomplished more today. I spent a lot of effort to not make much headway. I’m beginning to wonder if I should have stuck with CentOS 4.4 64 bit for this project. There are too many stupid, weird things going on with CentOS 5.

The good news is that VMware will authenticate against LDAP for the boxes that do allow me to log in, which will be nice so I don’t have to give out the root password on all of the VMware boxes.
