Monday, April 13, 2026

[Oracle Linux 10] OS basic installation and virtualization modules enablement - Part 1

Oracle Linux Virtualization


Setting up a virtualization host from scratch is always a great learning experience. I recently decided to test Oracle Linux 10 and its native KVM modules by running the entire setup inside my existing ESXi environment. It's a solid approach to see how it handles before considering a physical deployment. Let's walk through the process of getting Oracle Linux 10 installed and ready for virtualization in a nested scenario.

Before we dive into the setup, let's quickly cover what actually powers virtualization on Oracle Linux 10. Under the hood, it relies on a rock-solid, open-source stack. At its core is KVM (Kernel-based Virtual Machine), which essentially turns the Linux kernel itself into a hypervisor. This is paired with QEMU for hardware emulation, and everything is managed by libvirt, the API and toolkit that lets you interact with your VMs using familiar tools like virsh or Virt-Manager.

Before proceeding with the step-by-step guide, let's see how we created the virtual machine structure.

Let's give the VM a name, for instance "olvm1" (1), set the following parameters (2) and click NEXT (3).

Compatibility: ESXi 9.0 virtual machine
Guest OS family: Linux
Guest OS version: Oracle Linux 10 (64-bit)

We set the CPUs (in my case, as in the figure below, 2 sockets with 4 cores) (4), and enable the two options "Expose IOMMU to the Guest OS" (5) and the hardware virtualization option "Expose hardware assisted virtualization to the guest OS" (5) (as shown in the image below). This step is very important to enable virtualization features in the guest VM...

... then we configure 32 GB of RAM (6) and a 16 GB disk in Thin Provisioning mode (7) (to save space in the LAB)...

... and we add 4 NICs for future use.
The important thing here regarding network settings (which I haven't been able to resolve yet) is the type of adapter to use. I tried VMXNET3 and the vmtools installed in Oracle Linux 10, but I can't get above 10Mb/s. So I decided to set it to E1000e so we can reach 1Gb/s. This will be the subject of future investigations.

We select the networks according to our needs and the ISO to install; after a careful review we can conclude the creation of the VM structure by pressing the FINISH (8) button.



Let's now start the quick guide on how to install Oracle Linux 10 and enable the core virtualization modules, by powering on the VM.

We select "Install Oracle Linux 10.1.0" and we hit Enter (9).

We select the installation language (English US is ok) and click on Continue (10).

At the installation summary we start with the Keyboard (11) button under Localization...

... press the "+" (12) button and select our keyboard type (Italian in my case) (13) and then Add (14)...

Let's remove the one we don't need, "English US", and click Done (15).

In the installation summary, click "TIME & DATE" (16) to set the correct Time zone.

Once set properly (in our case, Region is Europe and City is Rome) (17), click Done (18) to return to the previous menu.

From the main menu, let's now select "Installation Destination" (19).

We select the hard disk (in our case it is the only selectable 16GB one) (20)...

... in some cases, we may need to reclaim disk space by selecting the actual disk (21) and deleting all (22) partitions. Then click Done (23).

We now change the USER SETTINGS by first setting a new root password by clicking on "Root Account" (24) and then creating a new user by clicking on "User Creation" (25) ...

We "Enable root account" (26), we enter a new root password (26) and enable "Allow root SSH login with password" (26). Click Done (27).

Let's create a new user (in our case ol10user) and provide a new password.
In our LAB case, we also enable the flag "Add administrative privileges to this user account (wheel group membership)" and "Require a password to use this account", then click Done (28).

It's time to configure our network settings, clicking on "Network & Host Name" (29).

In our case we only need to configure the ethernet ens34 (and leave the others unconfigured for now) to allow the server to be reachable.
We select Ethernet(ens34) (30) > Configure ... (31) ...

... IPv4 Settings (32) > Method Manual (33) > Add (34) a new Address.
In our case the address is 192.168.1.231/24 and the gateway is 192.168.1.1 (35); the DNS server is also 192.168.1.1 (36).
Once everything is set as desired, click Save (37).

We set the new Host Name by typing olvm1 (38) (in our case), then click Apply (39) and Done (40).

We are now ready to "Begin Installation" (41).

When the installation is complete, we Reboot System (42).

We log in with the user ol10user ...
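
Once logged in, it is worth confirming from inside the guest that the two ESXi options enabled at step (5) actually reached Oracle Linux. The script below is an added example, not part of the original post; it reads /proc/cpuinfo, /dev/kvm and /sys/kernel/iommu_groups, and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: checks to run inside the olvm1 guest after the first login.
# File paths are parameters so the parsing can be tried on constructed samples.

# Print "vmx" (Intel VT-x), "svm" (AMD-V) or "none" for a cpuinfo-format file.
cpu_virt_flag() {
    cpuinfo="${1:-/proc/cpuinfo}"
    [ -r "$cpuinfo" ] || { echo none; return 0; }
    awk -F: '
        /^flags/ {
            n = split($2, f, " ")
            for (i = 1; i <= n; i++)
                if (f[i] == "vmx" || f[i] == "svm") { print f[i]; found = 1; exit }
        }
        END { if (!found) print "none" }
    ' "$cpuinfo"
}

# Count IOMMU groups created by the guest kernel; 0 means none are visible,
# which also happens when the kernel itself has not enabled the IOMMU.
iommu_group_count() {
    groups_dir="${1:-/sys/kernel/iommu_groups}"
    [ -d "$groups_dir" ] || { echo 0; return 0; }
    find "$groups_dir" -mindepth 1 -maxdepth 1 -type d | wc -l | tr -d ' '
}

# Print one key=value line per check. Returns 0 only when the CPU flag is
# exposed and the KVM device node exists (kvm_intel or kvm_amd is loaded).
nested_virt_report() {
    flag=$(cpu_virt_flag "${1:-/proc/cpuinfo}")
    kvm_node="${2:-/dev/kvm}"
    groups=$(iommu_group_count "${3:-/sys/kernel/iommu_groups}")
    if [ -e "$kvm_node" ]; then kvm=present; else kvm=missing; fi
    echo "cpu_virt_flag=$flag"
    echo "kvm_device=$kvm"
    echo "iommu_groups=$groups"
    [ "$flag" != none ] && [ "$kvm" = present ]
}

# Run against the live system; a non-zero result is reported, not fatal.
nested_virt_report || echo "result=not ready for KVM guests"
```

A result of cpu_virt_flag=none means the "Expose hardware assisted virtualization to the guest OS" option did not take effect for this VM.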

This concludes the first part.

That's it.

Tuesday, April 7, 2026

[VCF 9.0] Configure Single Sign-On in embedded mode

VCF Single Sign-On


In a previous post we went through the steps on how to configure an LDAP directory to be used as an Identity Source in VCF 9.0.

Today we're going through the steps of configuring SSO, using the previous configuration as the identity source.

When you configure VCF Single Sign-On you can either implement it in embedded mode within the management domain vCenter or deploy it in appliance mode.

Use the embedded deployment mode if you want to use VCF Identity Broker that is embedded in the management domain vCenter and do not want to deploy a VCF Identity Broker appliance for VCF Single Sign-On configuration. You use the embedded deployment mode typically within a single VCF Instance. In the embedded deployment mode, the VCF Identity Broker is configured in the management domain vCenter of the VCF Instance.
Embedded Deployment Mode: the diagram shows the embedded deployment mode, where the VCF Identity Broker is configured in the management domain vCenter.
Further information on which Identity Broker to configure is available on the official Broadcom website at this link.

Let's see how to set up the Identity Broker (embedded), below...

First, log into VCF Operations and browse to Fleet Management (1) > Identity & Access (2)...
... then, if it's your first time, scroll down, accept all the Prerequisites checks (3) and click CONTINUE (4).
Select a VCF instance, in my case "instance-a" (6)
We begin with step 1 by choosing the deployment mode by pressing START (7).
Check Identity broker (embedded) (8) and then NEXT (9)...
... EDIT (10) ...
... in my case, as directory-based identity provider we choose Open LDAP (11) and hit NEXT (12).
In step 2, we now CONFIGURE (13) the identity provider.
At this stage, we need to configure Identity Broker to integrate with the identity provider selected for user authentication. As our identity provider, in our case, we'll use the one configured in the previous post.

We fill it in as follows (14):

Directory name: vcf-lab
Primary domain controller: ldap://192.168.1.246, port 389
Directory search attribute: Custom Attribute
Custom directory search attribute for Users: cn
Custom directory search attribute for Groups: cn
Base DN: dc=vcf,dc=lab
Bind user name: cn=admin,dc=vcf,dc=lab
Bind user password: VMware123!VMware123!

NEXT (15)
Leave LDAP Configuration (16) as default (shown in the picture) and press NEXT (17)...
... review and FINISH (18).
In step 3, we CONFIGURE (19) user and group provisioning.
Review Directory Information, hit NEXT (20).
Leave the "Attribute Mappings" as default (shown in the picture) and press NEXT (21).
We should now search for group names and select the LDAP Directory group Distinguished Names (DNs) that we want to sync.

Specify the base group DN: ou=Groups,dc=vcf,dc=lab (22)

We click on the "SELECT BASE GROUP DN" (23) button and we select the groups we would like to sync (in our case "Administrators" and "Users" (24)), then NEXT (25).
Based on how our LDAP directory is structured, we need to search for the users we want to use...
We fill in the "Specify the base user DN" field with the following value: ou=Users,dc=vcf,dc=lab (26) and we hit the "SELECT BASE USER DN" (27) button.
We search for the user name we want to sync (28) (for instance "lorenzo", "admin.vcf", etc.) and then we select it (29).
When we are satisfied with the selected users we proceed by pressing NEXT (or SAVE) (30).
We review the identity provider configuration and, if it is correct, we confirm by pressing FINISH (31)...
... DONE (32) ...
... we finalize by pressing FINISH SETUP (33)...
... and confirming the end of the configuration with CONTINUE (34).
If the Identity Source has been configured correctly, you should see what's shown in the image below...
and in the Component Configuration section...
Everything seems to be properly configured; let's double-check by connecting directly to vCenter.

We log in as administrator@vsphere.local and we click on the hamburger menu > Administration > Single Sign On > Configuration. We should see (as shown in the picture below) that VCF SSO is configured through the VCF Identity Broker...
Under Administration > Single Sign On > Users and Groups ... we should see in Domain list the new Identity Source "vcf.lab".
For testing, we add the following users of the new "vcf.lab" domain with their respective roles:
User/Group: admin.vcf, Role: Administrator
User/Group: lorenzo, Role: Read-only
Let's test vCenter access using the VCF SSO (38) login method and click LOG IN (39).
We type the username "admin.vcf@vcf.lab" and the password (in our case "VMware123!VMware123!") and hit the LOG IN (41) button.
Bhoomm!! It works!!
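
The directory values entered at steps (14), (22) and (26) can be checked for consistency before they go into the wizard, and then against the directory itself. This is an added example, not part of the original post: the function names and the allowed RDN types (cn, ou, dc) are assumptions, the DN handling is simplified (no escaped commas), and the live checks need the ldapsearch client from the openldap-clients package.

```shell
#!/bin/sh
# Added example: pre-flight checks for the directory values used in the wizard.
# DN handling is simplified: no escaped commas, case-insensitive comparison.

# Lower-case a DN and drop spaces around "," and "=".
normalize_dn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Succeed when DN $1 equals base DN $2 or sits below it.
dn_is_under() {
    child=$(normalize_dn "$1"); base=$(normalize_dn "$2")
    case "$child" in
        "$base" | *,"$base") return 0 ;;
        *) return 1 ;;
    esac
}

# Print every RDN attribute type in DN $1 that is not in the list $2.
unexpected_rdn_types() {
    normalize_dn "$1" | tr ',' '\n' | while IFS='=' read -r type rest; do
        case " $2 " in *" $type "*) ;; *) printf '%s\n' "$type" ;; esac
    done
}

# Combine both checks for one DN; the allowed types are an assumption.
check_dn() {
    bad=$(unexpected_rdn_types "$1" "cn ou dc" | tr '\n' ' ')
    [ -z "$bad" ] || { echo "FAIL $1: unexpected RDN type: $bad"; return 1; }
    dn_is_under "$1" "$2" || { echo "FAIL $1: not under $2"; return 1; }
    echo "ok   $1"
}

# Live checks, not run by default. -W prompts for the bind password; -ZZ makes
# the query fail unless StartTLS succeeds (plain ldap:// on 389 is cleartext).
ldap_list() { ldapsearch -x -LLL -H "$1" -D "$2" -W -b "$3" -s one '(objectClass=*)' cn; }
ldap_starttls_ok() {
    ldapsearch -x -ZZ -LLL -H "$1" -b '' -s base '(objectClass=*)' namingContexts >/dev/null
}

# Values as entered in the post, checked against its Base DN.
for dn in 'cn=admin,dc=vcf,dc=lab' 'ou=Groups,dc=vcf,dc=lab' 'ou=Users,dc=vcf,dc=lab'; do
    check_dn "$dn" 'dc=vcf,dc=lab' || true
done
```

For the live part, `ldap_list ldap://192.168.1.246 'cn=admin,dc=vcf,dc=lab' 'ou=Groups,dc=vcf,dc=lab'` should return the groups offered at step (24), and `ldap_starttls_ok ldap://192.168.1.246` tells whether the directory accepts StartTLS on the same port.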


That's it.