Category: Datacenter

DC topics

Installing Cisco Nexus Dashboard on Proxmox

Important disclaimer
This guide is intended strictly for lab, testing, and learning purposes.

Cisco does not officially support running Nexus Dashboard (ND) on Proxmox.
For production deployments, always use Cisco-supported platforms such as VMware ESXi or bare-metal / supported KVM environments.

VM Creation on Proxmox

Create a new VM in Proxmox with the following characteristics:

proxmox nd vm

One critical requirement is to add a Serial Port to the VM hardware. This is needed because Nexus Dashboard completes part of its installation via SOL (Serial Over LAN).

Monitoring the Installation via Serial Console

When you boot the VM, the graphical console will stop and display a message indicating that installation continues over SOL.

On the Proxmox host, connect to the VM’s serial console:

qm terminal <vmid>

Example:

qm terminal 137

You should see output similar to:

starting serial terminal on interface serial0 (press Ctrl+O to exit)
<lines removed>
Installing for i386-pc platform.
Installation finished. No error reported.
<lines removed>
Reached target Shutdown

=========================================================
Installation completed successfully. Node is powered off
Please unmount vMedia and power on
=========================================================

At this point:

  1. Remove the Nexus Dashboard ISO from the virtual CD-ROM
  2. Boot the VM normally

NIC Naming Issue on Proxmox (Important)

Nexus Dashboard expects specific NIC names in virtualized environments:

  • mgmt0, mgmt1
  • fabric0, fabric1

This works automatically on VMware, but not on Proxmox.
Without fixing this, the node will boot but have no network connectivity.

Workaround: Rename Interfaces Using systemd .link Files

Boot into Rescue Mode

At the MBR menu, press E to edit the boot entry.

Find the line starting with:

linux /vmlinuz...

Make the following changes only:

  • Replace ro with rw
  • Append: systemd.unit=rescue.target

Do not modify anything else.

Boot using Ctrl+X or F10.

Enter Maintenance Mode

When prompted with:

Press Enter for maintenance
(or press Control-D to continue):

Press Enter.

Remount the root filesystem as read/write:

mount -o remount,rw /

Identify Current Interface Names and MAC Addresses

Run:

ip link

Example output:

2: ens18: <BROADCAST,MULTICAST> mtu 1500 state DOWN
    link/ether bc:24:11:c0:52:ff
3: ens19: <BROADCAST,MULTICAST> mtu 1500 state DOWN
    link/ether bc:24:11:bf:96:96
4: ens20: <BROADCAST,MULTICAST> mtu 1500 state DOWN
    link/ether bc:24:11:08:7d:1c
5: ens21: <BROADCAST,MULTICAST> mtu 1500 state DOWN
    link/ether bc:24:11:e8:94:59

Make note of each MAC address — this is crucial.

Create systemd Network Link Files

Create four .link files, one per interface, under:

/etc/systemd/network/

Example filenames:

  • 10-mgmt0.link
  • 10-mgmt1.link
  • 10-fabric0.link
  • 10-fabric1.link

Filenames must:

  • Start with 10-
  • End with .link

Only vi is available, so use it to create the files.

Example: mgmt0

vi /etc/systemd/network/10-mgmt0.link

Contents:

[Match]
MACAddress=bc:24:11:c0:52:ff

[Link]
Name=mgmt0

Repeat this process for:

  • mgmt1
  • fabric0
  • fabric1

?? Be careful to match the correct MAC address for each interface.
Copy/paste errors here are very common.

Reboot the VM

Once all files are created:

reboot

First Boot Nexus Dashboard Setup

Wait for the console message:

Press any key to run first-boot setup on this console...

Press any key and follow the setup wizard.

Example session:

Starting Nexus Dashboard setup utility
Welcome to Nexus Dashboard 4.1.1g

Admin Password:
Reenter Admin Password:

Management Network:
  IP Address/Mask: x.x.x.124/24
  Gateway: x.x.x.1

Is Cluster Leader? (Y/n): y

Important
Make sure you assign an IP address that is reachable from your LAN.

Confirm the configuration and continue.

System Initialization

After a few minutes, you should see:

System initialized successfully
System UI online, please login to https://x.x.x.124

Log in on the console using:

  • Username: rescue-user
  • Password: the one you configured earlier

Final Verification

Verify interface names:

ip link

You should now see:

  • mgmt0
  • mgmt1
  • fabric0
  • fabric1

At this point, networking should be fully functional.

Access Nexus Dashboard

Open a browser and navigate to:

https://<your-ip-address>

Done!
You now have Cisco Nexus Dashboard running on Proxmox for lab and learning purposes.

Happy labbing!

Posted on by Calin 1

SSL Certificate signed by own CA

There are a lot of “how-to” on the Internet explaining the setup procedure. This is mainly a copy / paste example for those in a hurry :)

How to setup your own CA

Generate a key for CA

openssl genrsa -aes256 -out myCA.key 4096

Pick a password and remember it!

Generate a SSL certificate for CA

openssl req -new -x509 -days 3650 -key myCA.key -out myCA.crt

How to create a new SSL certificate signed by your own CA

Request a new key for the new domain that you want to secure

openssl genrsa -aes256 -out MyServerName.key 2048

Pick a password and remember it!

Request a CSR and sign it with the previous created key

openssl req -new -key MyServerName.key -out MyServerName.csr

Request the SSL certificate and sign it against the CA

openssl x509 -req -in MyServerName.csr -out MyServerName.crt -sha1 -CA myCA.crt -CAkey myCA.key -CAcreateserial -days 720

(Optional for Linux) Secure the key on the server

chmod 0400 *.key

To have the SSL working you need to copy on the server side
– MyServerName.key
– MyServerName.crt
– myCA.crt (that’s the CA certificate)

How to view a certificate

openssl x509 -in MyServerName.crt -text -noout

How to check whether a private key matches a certificate or that the certificate matches the certificate signing request (CSR)

openssl x509 -noout -modulus -in MyServerName.crt | openssl md5
openssl rsa -noout -modulus -in MyServerName.key | openssl md5
openssl req -noout -modulus -in MyServerName.csr | openssl md5

Does anybody knows a simple script that can offer the above functionality from web interface? I was looking around for a while now, but either they are enterprise complex or do not work. Let me know in Comments if you have a good suggestion.

Thanks!

Posted on by Calin 0