I’ve made some quick changes to ONEMC to show the VNC port in the interface. I’ve updated the template that onemc creates with a GRAPHICS section. This enables vnc on the quest.
As a workaround until ONE can use the VMID in the graphics section, I use a virsh command to get the vncport. To get this working the webserver user should be allowed to execute the virsh command via sudo. Add the following to sudoers:
apache ALL=(ALL) NOPASSWD: /usr/bin/virsh *
Also I encountered some problems with the model section in the KVM template so I commented that out as well.
Below the patch and a screenshot listing the vnc ports in ONEMC
onemc_funcs.patch
When setting up SSL offloading on a Foundry ServerIron 4G-SSL the default installation allows weak (eg. DES, 56bit) ciphers and SSLv2. This is not a recommended setup, especially if you have to comply to certain security certifications, like PCI. The Foundry documentation does not give a lot of information on the ciphers that are supported. Below the commands to disable SSLv2 and allow only strong ciphers on an ssl accelerated host.
To change the ssl profile of a virtual server, always follow the following steps:
- Remove the ssl profile from the virtual server
- Change the ssl profile settings
- Enable the ssl profile on the virtual server
server virtual vservername
no port ssl ssl-terminate sslprofilename
exit
ssl profile sslprofilename
disable-ssl-v2
no cipher-suite all-cipher-suites
cipher-suite rsa-with-3des-ede-cbc-sha
cipher-suite rsa-with-aes-128-sha
cipher-suite rsa-with-aes-256-sha
cipher-suite rsa-with-rc4-128-md5
cipher-suite rsa-with-rc4-128-sha
exit
server virtual vservername
port ssl ssl-terminate sslprofilename
