labunix's blog

labunix's Lab Unix

Putting the vmnet* interfaces of VMware Workstation 10 for Linux into promiscuous mode.

■Putting the vmnet* interfaces of VMware Workstation 10 into promiscuous mode.
 Building FortiGate-VM into an HA configuration requires promiscuous mode to be enabled.

$ cat /etc/debian_version 
7.8
$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 7.8 (wheezy)
Release:	7.8
Codename:	wheezy

$ vmware-installer -l
Product Name         Product Version     
==================== ====================
vmware-workstation   10.0.2.1744117      

FGVM_SerialNo9 # get system status | grep Version
Version: FortiGate-VM64 v5.2.3,build0670,150318 (GA)
Release Version Information: GA

■Switching to promiscuous mode

$ grep -3 "promiscuous /dev/vmnet" /etc/init.d/vmware
vmwareStartVmnet() {
   vmwareLoadModule $vnet
   "$BINDIR"/vmware-networks --start >> $VNETLIB_LOG 2>&1
    chgrp promiscuous /dev/vmnet*
    chmod g+rw /dev/vmnet*
}

$ grep promiscuous /etc/group > /dev/null || \
  sudo groupadd promiscuous; \
  id | grep promiscuous > /dev/null || \
  sudo usermod -a -G promiscuous `whoami`

$ sudo chgrp promiscuous /dev/vmnet*; \
  sudo chmod g+rw /dev/vmnet*

■Verification

$ grep promiscuous.*`whoami` /etc/group
promiscuous:x:1001:labunix

$ grep promiscuous /etc/group
promiscuous:x:1001:labunix

$ ls -l /dev/vmnet*
crw-rw---- 1 root promiscuous 119, 0  67 07:54 /dev/vmnet0
crw-rw---- 1 root promiscuous 119, 1  67 07:54 /dev/vmnet1
crw-rw---- 1 root promiscuous 119, 8  67 07:54 /dev/vmnet8

$ sudo vmrun -T ws list
Total running VMs: 2
/home/labunix/vmware/SharedVMs/FGT-VM64_2/FortiGate-VM64_2.vmx
/home/labunix/vmware/SharedVMs/FGT-VM64_1/FortiGate-VM64_1.vmx
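The checks above, folded into a reusable audit helper (an added example, not code from the original post or from VMware's own tooling). It assumes the group name promiscuous, the /dev/vmnet* device paths and root ownership shown in this post, and it treats any mode wider than crw-rw---- or any other group owner as a failure, because membership in that group is exactly what grants raw access to the virtual networks.

```sh
#!/bin/sh
# Audit helper for the promiscuous-group setup above (constructed example,
# not part of the original post or of VMware's tooling).
# Assumes: group name "promiscuous", devices /dev/vmnet*, owner root.

# vmnet_line_ok "<ls -l line>" [group]
# Returns 0 only if the line shows a character device owned by root,
# group-owned by the expected group, with mode crw-rw---- (no world access).
# A trailing "." (SELinux context) is tolerated; "+" (an ACL) is rejected,
# since an ACL can widen access beyond the group.
vmnet_line_ok() {
    line=$1
    want=${2:-promiscuous}
    set -- $line
    mode=$1; owner=$3; group=$4; path=${line##* }
    case "$mode" in
        crw-rw----|crw-rw----.) ;;
        *) echo "$path: mode $mode, expected crw-rw----" >&2; return 1 ;;
    esac
    [ "$owner" = root ] || { echo "$path: owner $owner, expected root" >&2; return 1; }
    [ "$group" = "$want" ] || { echo "$path: group $group, expected $want" >&2; return 1; }
    return 0
}

# group_members <group>  (reads /etc/group-format text on stdin)
# Prints the member list; returns 1 if the group does not exist.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4; found = 1 } END { exit found ? 0 : 1 }'
}

# audit_vmnet: check every live /dev/vmnet* device and print who is in the
# group, so an unexpected member (anyone who can now sniff the vmnets) stands out.
audit_vmnet() {
    rc=0
    for dev in /dev/vmnet*; do
        [ -e "$dev" ] || { echo "no /dev/vmnet* devices found" >&2; return 1; }
        vmnet_line_ok "$(ls -l "$dev")" || rc=1
    done
    members=$(group_members promiscuous < /etc/group) || { echo "group promiscuous missing" >&2; return 1; }
    echo "promiscuous group members: ${members:-(none)}"
    return $rc
}

# Uncomment to run against the live system:
# audit_vmnet
```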

■Check the Slave's member number with "diagnose sys ha status"

$ ssh admin@XXX.XXX.XXX.XXX 'diagnose sys ha status' | \
  sed -e 's/FGVM[0-9]*\([0-9]\)/FGVM_SerialNo\1/g'
FGVM_SerialNo9 # HA information
Statistics
	traffic.local = s:0 p:5510 b:756818
	traffic.total = s:0 p:5510 b:756818
	activity.fdb  = c:0 q:0

Model=5, Mode=2 Group=0 Debug=0
nvcluster=1, ses_pickup=0, delay=0

HA group member information: is_manage_master=1.
FGVM_SerialNo9, 1. Master:128 FGVM_SerialNo9
FGVM_SerialNo0, 0.  Slave:100 FGVM_SerialNo0

vcluster 1, state=work, master_ip=169.254.0.2, master_id=0:
FGVM_SerialNo9, 0. Master:128 FGVM_SerialNo9(prio=0, rev=0)
FGVM_SerialNo0, 1.  Slave:100 FGVM_SerialNo0(prio=1, rev=1)

# show system ha | grep -v password
config system ha
    set group-name "FGT"
    set mode a-p
    set hbdev "port1" 50 
    set override disable
    set monitor "port1" "port3" 
end

■Log in to the Slave with "execute ha manage [Slave member number]" and reboot it

FGVM_SerialNo9 # show system ha | grep -v password
config system ha
    set group-name "FGT"
    set mode a-p
    set hbdev "port1" 50 
    set override disable
    set monitor "port1" "port3" 
end

FGVM_SerialNo9 # get system ha | grep pr
priority            : 128

FGVM_SerialNo9 # execute ha manage 0

FGVM_SerialNo0 $ show system ha | grep -v password
config system ha
    set group-name "FGT"
    set mode a-p
    set hbdev "port1" 50 
    set override disable
    set priority 100
    set monitor "port1" "port3" 
end

FGVM_SerialNo0 $ execute reboot

■Failover
 ※Because the host visible from the management side changes,
  it is better to run this from the web management console or a serial console rather than over a remote session.

FGVM_SerialNo9 # diagnose sys ha reset-uptime
FGVM_SerialNo0 $