Hacking Photon OS to Do Your Bidding
I’m really happy to hear that only a week after VMworld the PowerCLI team is all over trying to get us to market with a version of PowerCLI that can be consumed by the masses. As an Apple and Linux user, I’ve always been a second class automation citizen in the VMware space… There are a few scripting tools out there, but none as big or maintained as much as PowerCLI.
I’m Tim, I’m not a traditional Microsoft user…
Frankly, I grew up in the Linux world running distributed e-discovery systems that were a bear to troubleshoot and get performing. For that I’m thankful, because by being around such piles of awesome, I was able to pick up a lot of tidbits around networking/storage that make me the tech nerd that I am today… So this Linux tech nerd is very happy about the VMware push of PowerShell and eventually PowerCLI to Photon OS.
Today I’d like to talk (er type) about how to make Photon OS an easier-to-use extension of your operating system. I envision Photon as a very lightweight way of getting PowerCLI functionality out of your Mac/Linux host with VMware Fusion/Workstation, or as a way to include a small management VM in your local vSphere environment. To bring this vision to reality, we need to set a static IP and nameservers, enable root login, set up some SSH keys and install PowerCLI with the built-in package manager.
First and foremost, download Photon OS and deploy it to Workstation/Fusion or vSphere…
Boot it up and get to the console:
The initial login for the OS is root/changeme (go ahead and follow the prompts to get the root password changed and get moving). Now that we have logged in as root, let’s move on to enabling SSH access to our Photon OS.
Enabling Root Login:
In my use cases I’d like to make sure that I can use Photon OS as an extension of my local OS, meaning that I’ll use Fusion to execute Photon OS on boot and allow SSH access to that host directly from my local machine. I’d like to be able to just use Photon how I need to as a root user, and because it’s a local box, I really just want to make it easy for me to log in as the root user. To get that going, let’s enable the root user to SSH into the host:
First we’ll need to permit root ssh login by adding the following line to the /etc/ssh/ssh_config file:
To accomplish this we’ll use a text editor, the directions here will get you started in vi (the one true text editor).
If you would like to use vi (and I do) at the command line simply type:
The ssh_config file will open in your vi window… use your arrow keys to get to the bottom of the host section.
Press i to insert new text and type the following into a new line:
Should look like this:
Press the ESC button
Type :wq! to write the changes to the file and exit (did you mess up? That’s okay, type :q! to quit without making any changes and start over).
Now restart the SSH service using systemctl:
systemctl restart sshd
You can also use the ip addr command to show your local ip address (which you’ll need to establish an SSH connection).
Test your SSH connection into Photon as root from your OSX box… Fire up a terminal and execute:
You’ll see that we’ve appropriately established an ssh connection as root.
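To confirm which root-login setting is actually in effect after an edit like this, here is an added example (not from the original post) that reads an sshd configuration file and reports the effective PermitRootLogin value; sshd reads this keyword from /etc/ssh/sshd_config. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the PermitRootLogin value sshd would apply globally.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and the OpenSSH default is prohibit-password.

effective_root_login() {
    # $1 = path to an sshd_config-style file
    awk '
        { sub(/^[ \t]+/, "") }                 # drop leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                # global section ends here
        key == "permitrootlogin" {
            gsub(/"/, "", f[2]); print tolower(f[2]); found = 1; exit
        }
        END { if (!found) print "prohibit-password" }   # OpenSSH default
    ' "$1"
}

# Exit status 0 only when root may still authenticate with a password.
root_password_login_enabled() {
    [ "$(effective_root_login "$1")" = "yes" ]
}

# Constructed sample config (not taken from a real host). The second
# PermitRootLogin line and the Match block do not change the global value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF

echo "effective PermitRootLogin: $(effective_root_login "$sample")"
if root_password_login_enabled "$sample"; then
    echo "root can log in with a password; prohibit-password keeps key-only access"
fi
```

On a live host, `sshd -T` prints the full effective configuration and is the authoritative check; the function above is for reviewing a file offline.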
Adding some keys to make life a bit easier…
SSH keys can be used in lieu of passwords to make connections to your ssh host happen without a password (saving you a bit of time). Let’s talk about the process of how this works. First a set of keys is generated on your local machine. You then place a copy of your public key into a file called authorized_keys on the host that you wish to remotely connect to without a password.
To start, on your client machine (in this case my mac) fire up a terminal and move to your home directory by typing:
We then need to check whether a directory called .ssh already exists. Do this by executing the following and looking for .ssh in the output:
You can see in my case that I already have a directory called .ssh. If you DON’T you’ll need to do the following:
You’ll need to ensure that the permissions of the directory are appropriately secure to keep ssh key files. That is satisfied by the following:
chmod go-rwx .ssh
We’ll then need to change directories into .ssh
It’s now time to create our keys:
ssh-keygen -b 1024 -t rsa -f id_rsa -P ""
Some quick notes:
- -f indicates the name of the file
- -t indicates that we’re using RSA
- -b 1024 requests a 1024-bit key (feel free to amp this up if you’d like; ssh-keygen accepts larger values such as 2048 or 4096)
- most importantly, -P "" indicates that the password should be empty
NB: I’ve created my keys in a temp directory as I already have an existing pair of id_rsa keys…
You should now have a pair setup in your .ssh directory:
Let’s talk over this really quick. The id_rsa key is your private key… Don’t ever give that bad boy out to anyone. Frankly, just leave it alone. The id_rsa.pub is your public key, and the thing that we’re going to put on our remote hosts to make logging in a breeze.
Copy your key to the photon machine:
From your client machine (my mac in this case) run the following:
Copy the text into your clipboard omitting the next command prompt line.
SSH into your photon host as root:
You’ll notice that we’re in root’s home directory indicated by the “~”
Change directories into .ssh on the photon host:
List the contents of the .ssh directory on the photon host:
We’re going to edit that authorized_keys file in the next step. Same vi stuff as before:
vim authorized_keys
- type dd to remove the first line that says <ssh-key-here>
- type i to place vi into insert mode and paste your key into this file
- hit ESC
- type :wq!
Test it out!
Log out of the photon machine and from your local box type ssh root@photonmachineip
You shouldn’t have to enter a password this time to login:
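The paste-into-vi step can also be scripted. This is an added example, not from the original post: it appends a public key line to authorized_keys only if it is not already there, refuses input that is not a single public key line (for instance a pasted private key), and sets the directory and file modes so they are not accessible to group or others. The function name, the temporary home directory and the sample key string are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent install of a public key into authorized_keys.
# Runs in a subshell "( ... )" so the umask change does not leak to the caller.

install_pubkey() (
    # $1 = one public key line, $2 = home directory of the target account
    key=$1; sshdir=$2/.ssh; auth=$sshdir/authorized_keys
    nl='
'
    case $key in
        *"$nl"*) echo "refusing multi-line input" >&2; exit 2 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; exit 2 ;;
    esac
    umask 077
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # -x: whole line, -F: fixed string. Append only if this exact key is absent.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# Constructed demo: a throwaway "home" and a made-up key string (not a real key).
demo_home=$(mktemp -d)
pub='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTEDSAMPLEONLY tim@mac'

install_pubkey "$pub" "$demo_home"
install_pubkey "$pub" "$demo_home"      # second run must not duplicate the entry
echo "entries: $(grep -c . "$demo_home/.ssh/authorized_keys")"

# A private key header is rejected before anything is written.
install_pubkey '-----BEGIN OPENSSH PRIVATE KEY-----' "$demo_home" \
    || echo "private key material rejected"
```

Where it is available on the client, `ssh-copy-id` performs the same append over an SSH connection.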
Setting a static IP
Setting a static IP for Photon OS is not as straightforward as it should be… Linux FTW (I admit it). First we need to tell the system that we’ll not be using DHCP, and secondly we’ll need to make sure that we actually set the IP statically, along with the bits for search domains and name resolution. To do this we’ll need to edit a few key files. First go ahead and ensure that your Ethernet interface is set up as eth0 on your Photon host by executing the following:
Here you can see that eth0 is setup as our DHCP interface.
To set that as static, we’ll need to first move that file:
mv /etc/systemd/network/10-dhcp-en.network /etc/systemd/network/10-static-eth0.network
Next, let’s use our vi skills to edit that file:
First let’s empty the file out:
type dd several times until the file is clean.
type i to insert text, then insert the following template and customize:
[Match]
Name=eth0

[Network]
Address=192.168.10.176/24
Gateway=192.168.10.1
DNS=192.168.10.50
Domains=timcarr.net
Next restart networking to pick up the new config:
systemctl restart systemd-networkd.service
You can verify that everything is working properly by executing:
and verifying your ip address is what you’ve configured.
Get some PowerCLI in your life – COMING SOON!
I’m happy that VMware will be releasing PowerCLI for Photon… We just need to install it into our newly hacked together lightweight management VM. That ultimately will be a very simple one-liner using the package manager named tdnf (or tiny dandified yum – what a name).
tdnf -y install powercli
With this post and the previous post on building and running PowerShell in a Docker container, we’re now just waiting on Microsoft and VMware to get the rest of the legalese and coding done to bring PowerCLI to the platform as part of a fling. We’re really looking forward to that release!