Using FAHControl to monitor multiple [email protected] Clients

This blog post will cover how to centrally manage multiple [email protected] clients.

  • Installing FAHControl
  • Monitor Multiple instances of VMware Appliance for [email protected]
  • Configuring Access to your Linux based clients or directly on the VMware [email protected] Appliance
  • Connecting FAHControl to your clients
  • Troubleshooting FAHControl issues
  • Firewall Rules

Installing FAHControl to monitor multiple installations

For Windows instances, this is installed as part of the FAHClient

  • “C:\Program Files (x86)\FAHClient\FAHControl.exe”

For Linux, you will need to install FAHControl separately

Monitoring multiple instances of the VMware Appliance for [email protected]

When you deploy you’re OVA you’ll be asked to configure the below highlighted settings, by default we input a rule of 0.0.0.0/0 meaning any FAHControl node can connect (using the correct password). You can alter this for your local subnets.

Configuring Access to your Linux based clients or directly on the VMware [email protected] Appliance

On your Linux machines or deployed OVAs

  • Connect via SSH
  • Edit the config.xml file
vi /etc/fahclient/config.xml
  • Insert the following code to enable FAHControl access
    • From within vi press ‘i’ to enter insert mode
  • To configure a single address to access your client
    • Without passwords;
<command-allow-no-pass v='127.0.0.1 x.x.x.x’ />
  • With Password;
<command-allow v='127.0.0.1 192.168.200.10' />

<password v='VMware1!' />

N.B. The localhost address must remain configured, otherwise the client work run

  • Save the config.xml file
  • Press ESC key
  • Enter without quotes “:wq!”

  • Reload the FAHClient
    • /etc/init.d/FAHClient restart

If you see “Starting fahclient … FAIL” check your XML file again for any syntax errors.

Examples Config.xml changes

Using password with a single IP restriction

  <!-- Remote Command Server -->

  <command-allow v='127.0.0.1 192.168.200.10' />

  <password v='VMware1!'/>

Without a password against a single IP restriction

  <!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 192.168.200.10' />

Without either a password or IP restriction

<!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 0.0.0.0/0' />

Connecting FAHControl to your clients

  • Open your FAHControl and click Add
  • Enter the name of your client as you would like it to be displayed, the IP address of your client and your password if necessary, and click save
  • You should now see your client is connected in FAHControl.

Troubleshooting FAHControl issues

FAHControl uses the default TCP Port 36330

Test access with telnet you should get a response as below.

The VMware Appliance for [email protected] has IPTables configured to allow this port by default, if you did not specify a specific remote management address during deployment, then access is open to all IP addresses.

Ensure that the machine where you are running FAHControl is not blocking outbound connections to TCP 33630.

Appendix

Firewall rules

The below firewall rules have been added to the VMware Appliance for [email protected]  by default to allow for FAHControl to remotely manage FAHClient.

If you are using these instructions for a Linux machine, you can use the below settings as well.

iptables -A INPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

 

Regards

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.