Removing Passphrase From SSH Key

Generally speaking, it’s always preferable to use a passphrase with your SSH keys; however, there are times when a passphrase may get in the way, particularly with service accounts that run cron jobs or connect out to other servers in your environment. Rotating keys semi-frequently would be a wise security precaution to limit how long a compromised key stays useful. That said, let’s go through the process of stripping out the passphrase from an existing key.

Remove Passphrase From Key

openssl rsa -in ~/.ssh/id_rsa -out ~/.ssh/id_rsa_nopass

This will create a new copy of your key without a passphrase.

Remove Old Key and Modify Permissions

First we need to remove the old key and rename the new one:

rm ~/.ssh/id_rsa
mv ~/.ssh/id_rsa_nopass ~/.ssh/id_rsa

Now we need to fix permissions:

chmod 600 ~/.ssh/id_rsa
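
A check to run after the steps above, as an added example (not code from the original post): it reports whether a private key file still carries a passphrase and whether its mode is looser than 600. It goes slightly beyond the post by also recognising PKCS#8 and OpenSSH-format keys; the function names and the sample keys are constructed for illustration.

```python
import base64
import os
import re
import stat
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----(.*?)-----END \1-----", re.S)

def key_is_encrypted(pem: str) -> bool:
    """True if the private key text is passphrase-protected."""
    m = PEM_BLOCK.search(pem)
    if not m:
        raise ValueError("no private key block found")
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":  # encrypted PKCS#8
        return True
    if label == "OPENSSH PRIVATE KEY":  # ssh-keygen's native format
        blob = base64.b64decode("".join(body.split()))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key magic")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"  # ciphername field
    # Legacy PEM flags encryption in a header; plain PKCS#8 has no such header.
    return "Proc-Type: 4,ENCRYPTED" in body

def audit_key(path: str) -> list:
    """Findings for one key file: loose mode bits, missing passphrase."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:03o} lets group/other access the key; chmod 600")
    with open(path, encoding="ascii", errors="replace") as fh:
        if not key_is_encrypted(fh.read()):
            findings.append("no passphrase; file permissions are the only protection")
    return findings

# Constructed samples: key-shaped headers around dummy bytes, not real keys.
def openssh_sample(cipher: bytes) -> str:
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + bytes(16)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + base64.b64encode(blob).decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")
LEGACY_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\n"
                    "AAAA\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for p in sys.argv[1:]:
        print(p, audit_key(p) or "ok")
```

Run it with one or more key paths as arguments; a key stripped as described above and set to mode 600 reports only the missing passphrase.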

Enabling Nested Virtualization on Citrix XenServer

Create a VM

Go through the normal process of creating or cloning a VM. Make sure the virtual machine is in a powered-off state.

Edit Settings to Allow Nested Virtualization

Locate the UUID of the system. If you know the name of the box, this is fairly straightforward:

xe vm-list name-label=<server name>

Once you have located the system, you will be able to use the system’s UUID:

xe vm-param-set uuid=<UUID> platform:exp-nested-hvm=true

Check CPU Info on Guest

Now that you have created a guest VM and enabled nested virtualization, you will want to check that the CPU has the vmx (Intel) or svm (AMD) flag:

cat /proc/cpuinfo

Attaching CentOS to iSCSI Target

In my last post we went over the steps to set up an iSCSI target server to host iSCSI LUNs on a CentOS box. This tutorial covers setting up an iSCSI initiator on a CentOS box and connecting to your iSCSI targets. We’ll start by installing the packages, then discover and connect to the target, and finish up by persistently mounting the LUN in /etc/fstab.

Install Packages

To set up and configure iSCSI initiator connections to targets, we’ll want to install the following:

yum install iscsi-initiator-utils -y

It’s normal for the iscsid service to show as stopped when it’s not in use.

Discovering & Connecting to Targets

To discover targets and the target IQN, use the following command (192.168.1.24 is used as an example; use the correct IP for your iSCSI target):

iscsiadm --mode discovery --type sendtargets --portal 192.168.1.24 --discover

This should discover the iSCSI target and its available LUNs. To get more info, run the following command:

iscsiadm --mode node --op show | more

To connect to the iSCSI LUN, run the following, substituting your target IQN path and IP address:

iscsiadm --mode node --targetname iqn.2015.com.tgsrv1:tgt1 --portal 192.168.1.24 --login

To verify the connection to the iSCSI LUN, use the following command:

iscsiadm --mode session --op show

Once you are connected, the LUN will show up as another block device on your system, just like a local hard drive. It will need to be formatted and have a filesystem written to it. After writing a filesystem we can mount the new iSCSI storage. In my case I used ext4 as my filesystem; if you used a different filesystem, you’ll need to specify it instead of ext4.

mkdir -p /mnt/san
mount -t ext4 /dev/sdb /mnt/san

Setting Up Persistent Mounts

The ability to add iSCSI targets to the initiator system is great, but in situations where the iSCSI storage needs to reattach after a reboot, the following instructions apply. To start with, we will need to obtain the UUID of the iSCSI device:

blkid

Note the UUID of the device you’re working with (you may want to copy it to your clipboard for the time being), then open /etc/fstab:

vim /etc/fstab

Add the following line, using your UUID, mount point and the correct filesystem (ext4 in my case):

UUID=d9275aa1-ab41-44d1-9f22-81ef1bf325e3 /mnt/san ext4 _netdev		0 0