Making Royal TSX Even More Awesome

For those who don’t know, Royal TSX is an awesome Remote Management solution, which supports RDP, VNC, SSH, S/FTP and even ESXi and vCenter. I’ve been using it for years, not just because they offer free licenses for vExperts (and others), but simply because it works really well. Store it’s config file on a synchronized file area (like Dropbox), and boom, your config follows you around from machine to machine, including custom icons. What’s not to like?

Following Ryan Johnson’s tweet, where he showed off his VMware Clarity inspired Royal TSX setup, I decided to do something similar. Unlike Ryan, I decided to run with the standard Clarity icons, and not invert them. Since the Clarity icons are in .svg format, I had to convert them to .png to be able to use them as icons in Royal TSX, I’ll post a separate post on how I batch converted them later.

Currently, my setup looks like this

Royal TSX with Clarity icons

Changing the icons for entries is pretty straight forward. For existing entries in your config file, simply open the items properties and click on the small icon besides the Display Name. This brings up a dialog showing the built-in icons, but also reveals an option to browse your filesystem for a new icon to use.

Update: Felix from Royal Applications left a nice comment, explaining that you can also drag-and-drop icons directory from finder into Royal TSX as well as the manual process described above.

To change the default icons, find Default Settings in the Navigation Panel on the left, and follow the same procedure.

While the primary goal was to prettify my setup with snazzy new icons, I discovered that I could do quite a few things besides that as well.

As seen in the screenshot, there are a couple of web pages added, but perhaps more interesting are the “PowerCLI” and “Connect VPN” entries.

Running PowerCLI Core from Royal TSX

I run the PowerCLI Core Docker container on my Macbook from time to time, so why not have the option to run it directly from Royal TSX? Once you have it up and running, adding it as a Command Task is pretty easy!

Add a new Command Task, and put in the docker run command in the Command: field

Update: Since originally posting, I’ve discovered that there is an even better ways of doing this, and at the same time keep your PowerCLI running in a tab inside of Royal TSX. Instead of adding it as a Command Task, add a new Terminal connection, but use Custom Terminal as the connection type:

Then add the command you want to run under Custom Commands

In my case, I want to run the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

Now, under “Advanced”, find the Session option. Enable “Run inside login shell” to make sure your applications, like Docker, are found without having to specify the complete path to it, and that’s it. As long as Docker runs locally, PowerCLI core can now be launched directly from the navigation bar, and it opens a new tab inside of Royal TSX!

This can also be used to run other things of course, I’ve added a new Terminal option to my sidebar as well, which opens iTerm2 in a new tab.

Connecting Tunnelblick VPN Royal TSX

I run OpenVPN at home, and use Tunnelblick as my client of choice. In order to connect to my home network, I’ve created another Command Task, with the “Run in Terminal” option configured, that runs a simple AppleScript command instructing Tunnelblick to connect.

osascript -e "tell application \"Tunnelblick\"" -e "connect \"[your-connection-name]\"" -e "end tell"

I guess I really understated the percentage of awesomeness increase by doing this, it should at least have been 84% 92,7%.

 

Cross vCenter VM Mobility Fling – macOS?

The VMware Cross vCenter VM Mobility – CLI was recently updated so I decided to try it out. In short, this little Java based application allows you to easily move or clone VMs between disparate vCenter environments.

The Fling is listed with the following requirements:

  • JDK 1.7 or above
  • Two vCenter instances with ESX 6.0
  • Windows : Windows Server 2003 or above
  • Linux : RHEL 7.x or above, Ubuntu 11.04 or above

There is no mention of macOS there, but I decided to give it a go any way, and it turns out that it works just fine on macOS as well!
Just make sure you have the Java JDK installed locally. When I ran it the first time, I got the following error, since the JAVA_HOME environment variable was not set.

[cc lang=”bash”]
~/Downloads/xvc-mobility-cli_1.2$ sh xvc-mobility.sh
set JAVA_HOME to continue the operation
[/cc]

This is very easy to fix, just run the following command in your terminal of choice, and xvc-mobility.sh should work just fine on your Mac.

[cc lang=”bash”]
export JAVA_HOME=$(/usr/libexec/java_home)
[/cc]

Next up is running the fling with the correct parameters (this is a clone operation, not a relocate):

[cc lang=”bash”]
~/Downloads/xvc-mobility-cli_1.2$ sh xvc-mobility.sh -svc [source-vcenter] -su [source-vcenter-username]
-dvc [destination-vcenter] -du [destination-vcenter-username]
-vms [vm-name] -dh [destination-host]
-dds [destination-datastore] -op clone -cln [destination-vm-name]

13:41:40.591 [main] INFO com.vmware.sdkclient.vim.Task – CloneVM_Task | State = SUCCESS | Error = null | Result = [email protected]
13:41:40.597 [main] INFO com.vmware.sdkclient.vim.Task – Monitor task end
13:41:40.597 [main] INFO com.vmware.sdkclient.vim.Task – CloneVM_Task took : 0:51:33.728
13:41:40.603 [main] INFO c.v.s.helpers.CrossVcProvHelper – Successfully cloned the vm:[destination-vm-name]
[/cc]

I was able to clone a VM from my lab in Bergen to my lab in Oslo, without any problems what-so-ever. Not only is that a Cross vCenter vMotion, but also a Cross Country one, awesome!

Now this is just an example, please check the official documentation for all the parameters, and what the tool expects.

Logging SSH logins to Slack

I’m using Slack to alert and log a few things in my environment, and one of the things I use it for is to alert me if someone logs on via SSH to my public facing Jumphost.

For a good walkthrough on how to set up such a host, check out Tunnel all your remote connections through ssh with a linux jumpbox by Luca Dell’Oca.

My Ubuntu 16.04 Jumphost is set up to only accept Key-Based Authentication, to secure it as much as possible, but I would still like to get instant notification if someone logs into it interactively.

How to set up SSH login notification to Slack.

  1. screenshot-2016-10-06-13-04-51First of all, we need  an Incoming WebHook in Slack in order to receive the notifications.
    You configure those from the Apps & Integration menu item. This in turn opens up the Slack App Directory, find Build on the top right and then choose Make a Custom Integration.
  2. screenshot-2016-10-06-13-08-09One your are in the Build a Custom Integration section, find (or search) Incoming WebHooks and select that.
  3. Next up, define which Slack channel should be the integration point, and click on Add Incoming WebHooks integration.
  4. Copy the Webhook URL presented on the next screen
    Note: keep this one a secret, anyone with access to this URL will be able to post to your Slack channel.
  5. On my Ubuntu 16.04 Linux jumphost I’ve created a small bash script called /etc/ssh/notify.sh. This script utilizes curl  and the WebHook URL to post information directly to Slack. The script looks like this:notify.sh
    [cc lang=”bash” escaped=”true”]
    #!/bin/sh
    url=”https://hooks.slack.com/services/*********”
    channel=”#messages”
    host=”`hostname`”
    content=”\”attachments\”: [ { \”mrkdwn_in\”: [\”text\”, \”fallback\”], \”fallback\”: \”SSH login: $USER connected to \`$host\`\”, \”text\”: \”SSH login to \`$host\`\”, \”fields\”: [ { \”title\”: \”User\”, \”value\”: \”$USER\”, \”short\”: true }, { \”title\”: \”IP Address\”, \”value\”: \”$SSH_CLIENT\”, \”short\”: true } ], \”color\”: \”#F35A00\” } ]”
    curl -s -X POST –data-urlencode “payload={\”channel\”: \”$channel\”, \”mrkdwn\”: true, \”username\”: \”ssh-bot\”, $content, \”icon_emoji\”: \”:computer:\”}” $url
    /bin/bash
    [/cc]Replace the  the WebHook URL with your own from step 4 and which channel to post to and you should be ready to go.  This script logs the username and the IP address the connection comes from, and then posts it to the Slack WebHook with the help of curl.Note: I’ve chosen to include the WebHook name etc in the script itself, instead of via the WebHook definition on Slack, mostly since I don’t want to create a WebHook for all hosts I want logging from. With this setup, I can just change the username part of the curl command. It already logs the hostname, so this is pretty much superficial, but hey, that’s how I made it.
  6. chmod +x /etc/ssh/notify.sh to make it executable, and test it. If everything works as expected, you should see an immediate log entry in your chosen Slack channel.
  7. On order to make this script runs every time someone logs into the Jumphost, I added a ForceCommand to the end of my /etc/ssh/sshd_config file, like this:[cc lang=”bash” escaped=”true”]
    ForceCommand /etc/ssh/notify.sh
    [/cc]

And that’s it. A login via SSH on the Jumphost now looks like this in my Slack channel:

screenshot-2016-10-06-13-26-10

How awesome is that? Of course, this just scratches the surface of what is possible with Slack’s Incoming WebHooks, I’m using a similar approach for logging new devices discovered in phpmyipam but that’s for another post.