Single URL For All of Your Linked vCenters?

Scenario:
You have a few vCenter servers connected via “linked mode” or within the same SSO domain.
If you are on vSphere 6.5, you now have two GUI clients for everyday VM administration.
Now, let's say you want to direct users to a single URL that sends them to a random vCenter in your SSO domain, and you can even force users to the HTML5 client or the Flash client.

Well, doing this is easy with a simple 500MB Photon OS VM and a small docker NGINX container.
Once you work through these steps, you can have a single URL, like “http://vcenter.vmnick0.me” and it will redirect you to one of your many vCenters and to the client of choice.

Quick disclaimer:
– I do not own or maintain any of the downloads, images, or commands you will use below.  You are free to accept and download software as you see fit and assume all responsibility and risk… if any risk exists.

Requirements:
– A single VM, with a single IP address that can reach the internet (to download updates and the needed docker image.)
– A list of URLs you want to be “redirected” to.

Steps:
1 – Go to GitHub and download the Photon OS appliance, “OVA”
https://github.com/vmware/photon/wiki/Downloading-Photon-OS
2 – Import that OVA to your vCenter or ESXi host using the client of choice.
— The VM will be about 500MB in size when complete so using thin provisioning might save you 15.5GB on this OVA install.
3 – Once imported, power on the VM and launch a console.
4 – On the console you will need to complete three things.
–  a. Change the root password.
–  b. Enable SSH and restart the SSH daemon.
–  c. Configure the IP address of the VM and restart the network service

The steps are as follows:
Log into the VM via Console as root/changeme.  You will be prompted to change the root password.  You can do that now or leave it as is…

Enable SSH so you can log in as root:
– Run command “vi /etc/ssh/sshd_config” and find the line “#PermitRootLogin prohibit-password” and edit it so it says “PermitRootLogin yes” (remove the comment too!)

— It’s vi so remember to press “i” to insert and “escape :wq” to save and quit.
– Run command “systemctl restart sshd” to restart the SSH daemon.

Configure the IP address of the VM and restart the service:
– Edit the IP, Gateway and DNS IP address below, then run this multi-line command:

cat > /etc/systemd/network/10-static-en.network << "EOF"
[Match]
Name=eth0

[Network]
Address=10.10.10.5/24
Gateway=10.10.10.1
DNS=8.8.8.8
EOF

cd /etc/systemd/network
chmod 644 10-static-en.network
rm 99-dhcp-en.network
systemctl restart systemd-networkd

— Some notes about the above commands
— You created a file named 10-static-en.network and put some ip config into it.
— You then went to the folder where the file was created, changed the permissions of the file, removed the DHCP config file, then restarted the service.

From here, your VM should be reachable from your desktop.  Try to ping or simply SSH to the VM and log in.  If you can't SSH, recheck your steps above.  The only thing preventing you from being able to now SSH to your VM is something on your desktop or your network blocking the connection.

Now we have a clean Photon Appliance deployed.  Let's run some updates, get docker running, then start building our docker image.
5 – Run the following commands.  These commands will update your OS and packages, install Git, then reboot the appliance.  This reboot is important because some updates will make docker behave strangely when started.
– tdnf update -y
– tdnf install -y git
(only when the above is complete – reboot the VM)
– reboot

Once the update is complete and your VM is back online (it should only take a few seconds to reboot), SSH back into your VM and let's prep things for Docker and our nginx image.
6 – Run these commands to open up the iptables firewall for ports 80 and 443.
echo 'iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT' >> /etc/systemd/scripts/iptables
echo 'iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT' >> /etc/systemd/scripts/iptables
systemctl restart iptables

7 – Run these commands to enable and start docker, get our nginx “openresty” image, build the image, then run our first Container!
systemctl enable docker
systemctl start docker
git clone https://github.com/openresty/docker-openresty.git
cd docker-openresty
docker build -t myopenresty -f trusty/Dockerfile .

docker run --name nginx -p 80:80 -it myopenresty /bin/bash

** The “docker build” command can take two to ten minutes to complete.  I suggest pasting that command by itself, waiting for it to complete (refill your coffee), then running the docker run command once the build process is 100% complete.  The build command will pull down all of the needed images and build your docker container image.  This is where having a working internet connection for your Photon VM is most important.  If you are running this install inside a corporate network, you may be blocked from some of the download sites in the image.  Watch the SSH session for any download issues.  You will know it is complete and successful if you are back at your Photon root prompt and see “Successfully built ############”.
You can also run the “docker image ls” command to see if the image is in your local repo.

8 – You should now have a running docker container on your Photon OS appliance and be inside the shell for that Container.  Your prompt will change from Photon root to the HASH of your container image.

From here, you have one last thing to do: configure your nginx server's nginx.conf file, restart the service, and test!
– You should be at the console of your docker container within your SSH session.  Edit the below code to reflect your URLs, then paste this long multi-line code into your SSH session to delete the old config files, create your nginx.conf file and restart nginx.  Notice below that I specified “/ui/” in my vCenter URLs.  If you are running vSphere 6.5, this will force your users to the HTML5 client.  If you want to force users to the Flash client…. {pause for thought here…}  then add “/vsphere-client/” to the end of your vCenter URLs instead of the /ui/.  Or, simply leave the tail off to direct them to the page where you can select your GUI flavor.

mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.confCOPY
cp /usr/local/openresty/nginx/conf/nginx.conf /usr/local/openresty/nginx/conf/nginx.confCOPY
cd /usr/local/openresty/nginx/conf/
rm nginx.conf
cat > nginx.conf << "EOF"
events {
    worker_connections 1024;
}
http {
    server {
        set_random $rnd 1 4;
        listen 80;
        location / {
            if ($rnd = 1){
                return 301 https://vcenter-prod.vmnick0.me/ui/;
            }
            if ($rnd = 2){
                return 301 https://vcenter-dr.vmnick0.me/ui/;
            }
            if ($rnd = 3){
                return 301 https://vcenter-test.vmnick0.me/ui/;
            }
            if ($rnd = 4){
                return 301 https://vcenter-dev.vmnick0.me/ui/;
            }
        }#location
    }#server
}#http
EOF

nginx -s reload

*** If the “nginx -s reload” command fails with some text about “error….PID…failed” nginx might not be running, so a reload isn’t going to work.   You can test this by simply starting nginx with command “nginx”

Now you can test your setup.  Go to a browser and type in the IP address (or DNS name or FQDN) of the VM you just created.  If everything is working correctly you should get redirected to one of the URLs you entered in the code above.  If you didn't edit the config file, you might have trouble getting to my vCenter servers.
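The config above hard-codes the upper bound of set_random and one “if” block per vCenter, so the two can drift apart when a URL is added or removed, and a value with no matching block gets no redirect. The following sketch (an added example, not part of the original post) generates the same nginx.conf from a list of URLs and rejects anything that is not a plain https:// URL; the function names gen_redirect_conf and valid_target are made up for illustration, and a POSIX shell is assumed.

```shell
#!/bin/sh
# Added example: build the article's redirect config from a list of URLs.
# gen_redirect_conf and valid_target are hypothetical helper names.

# Accept only https:// URLs made of characters that cannot end or alter an
# nginx directive (no whitespace, ';', '{', '}', '$', quotes or backslashes).
valid_target() {
    case "$1" in
        https://?*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._~:/?#@%+=,-]*) return 1 ;;
    esac
    return 0
}

# Print a complete nginx.conf. The set_random range always equals the number
# of targets, so every random value has a matching redirect.
gen_redirect_conf() {
    [ "$#" -ge 1 ] || { echo "need at least one URL" >&2; return 1; }
    for url in "$@"; do
        valid_target "$url" || { echo "rejected: $url" >&2; return 1; }
    done
    printf 'events {\n    worker_connections 1024;\n}\n'
    printf 'http {\n    server {\n'
    printf '        set_random $rnd 1 %d;\n' "$#"
    printf '        listen 80;\n        location / {\n'
    i=1
    for url in "$@"; do
        printf '            if ($rnd = %d) {\n' "$i"
        printf '                return 301 %s;\n            }\n' "$url"
        i=$((i + 1))
    done
    printf '        }\n    }\n}\n'
}

# Demo with the four hosts used in the article's config.
gen_redirect_conf \
    https://vcenter-prod.vmnick0.me/ui/ \
    https://vcenter-dr.vmnick0.me/ui/ \
    https://vcenter-test.vmnick0.me/ui/ \
    https://vcenter-dev.vmnick0.me/ui/
```

Redirect the output to nginx.conf and check it with “nginx -t” before running “nginx -s reload”.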

**BIG NOTE!   you have two options to exit now
1 – Within your SSH session, press “Control+P+Q” to exit without killing your docker container.  Doing this should exit back to your photon root prompt.
2 – Kill the Session by closing the window.  Do not type exit or press Control+c.
If you accidentally typed exit and killed your container, you will need to start the container, start another interactive session with that container, start nginx, then exit gracefully.  The commands for that will be different for you because your container ID will be different than mine.  Edit the below as needed:
docker container list -a
docker container start 1b359d921f60
docker container exec -it 1b359d921f60 /bin/bash
nginx
Control+P+Q     (Pressing this key combo is what created the “read escape sequence” text in the below screen shot.  That is not a command you can type.)

Some things to consider:
1 – Some browsers will cache the Parent URL and may not be “redirected” to a different URL after the first.
2 – Using more than one browser or different machines should result in other users/browsers receiving a different redirected URL.
3 – This can be used for any URLs or even IP addresses!  If you have some very long URLs, you can use this to auto complete for you.  NGINX is so flexible you can redirect based on a trailing folder /folder/ in the URL using location blocks.  You can even redirect based on server port: ports 8080 and 8081, as an example, could send you to different URLs based on the listen line.  Example: listen 8080 sends you to google.com and listen 8081 sends you to bing.com!
4 – If you have any questions, find me on twitter @vmnick0