Review the Year – 2008

Recap of what happened in 2008 to a virtualization consultant/engineer guy.

  • Started the year as a Senior Network Engineer, by the end of January finished a 2.5.x upgrade to 3.0.1. Later found out the client upgraded to 3.5 a little while after I finished.
  • At the beginning of March I was transferred/promoted to Senior Technical Advisor. At some point I was renamed a Senior Technical Engineer, but it was the same job: doing internal infrastructure support, running our hosted Virtual Machine environment, and doing VMware pre-sales and implementation.
  • Due to shake-ups in our company, I was then made a Senior Technical Consultant, which included more SE work for the general operation of our company (SMB Tech Support). So one day I can be designing a Virtual Infrastructure and then quoting a 1GB memory upgrade for an HP desktop.
  • As a consultant I was able to run some Capacity Assessments. Maybe it will lead to some projects for 2009.

So professionally this year I had four different jobs and/or titles and at least five different bosses.

The blog started as a joke between me and a co-worker. I thought of a name for a sweet two-man VMware shop. Two VCP’s and a truck was born. During the fall I posted small comments and helps that I came across, maybe once or twice a week (sometimes less). I have had fun trying out new software, researching esxcfg- commands, and making comments on cool things other bloggers have posted.

GNS3 – Graphical Network Simulator – New Release

GNS3 is an excellent tool that uses dynamips to simulate routers running real Cisco IOS. You must have rights on your CCO account to download the IOS. It also includes the PIX emulator so you can check out your PIX/ASA configs.

Only piece missing is the switch simulators. You can combine GNS3 with VMware Workstation to build entire lab environments. I have one friend that has most of his voice lab for CCIE built using VMware and GNS3. Good stuff. 
Runs in Windows/Linux/OSX.

Veeam Monitor Free

I love Free Stuff

I thought I would at least make a mention of this newly free product from Veeam. I use FastSCP all the time, and recommend it to people whenever I can. So this will hopefully be just as awesome.
At first the download was super slow. Now I am getting 1.11 MB/s. Much better.

Update:
Thanks to VeeamMeUp for recognizing the blog. Always happy to share software I like or might like.

Central Syslog Host for ESX – Syslog-ng

Someone may have already written all this, but oh well.

1. Install something free like Ubuntu Server.

2. I use Ubuntu because I like Debian and apt-get. So run:

# apt-get install syslog-ng

Running syslog-ng gives you more than the standard syslog daemon.

3. Configure syslog-ng to receive UDP logs.

root@hoth:/# cd /etc/syslog-ng/
root@hoth:/etc/syslog-ng# vi syslog-ng.conf

Side note: learn vi.

Add this after the main source section:

source s_remote {
    udp();
};

After the destinations:

destination df_remote { file("/var/log/remote.$HOST"); };

The $HOST will sort the logs by IP of the server.

And finally add this to the end of the syslog-ng.conf file:

log {
    source(s_remote);
    destination(df_remote);
};

Now restart the syslog-ng service:

root@hoth:/etc/syslog-ng# service syslog-ng restart

4. Make changes to the ESX syslog config. Thanks to Tooms.dk for these steps; I have been using syslog-ng so much that I needed to find the commands for standard syslog.

1. In the /etc/syslog.conf file add the line "*.* @172.16.0.202" (without the quotes) and change the IP address to your syslog server's IP.

2. Restart the syslog service with the command "service syslog restart".

3. Open the ESX server firewall with the command "esxcfg-firewall -o 514,udp,out,syslog" to allow outgoing syslog traffic.

4. Tell the ESX firewall to reload the config with the command "esxcfg-firewall -l".

Now you can tail -f /var/log/remote.10.10.10.2 (or whatever your IP is).
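
Once the hosts are forwarding, the thing to watch for is an ESX host that quietly stops sending (syslog not restarted, firewall rule not reloaded). The check below is an added example, not part of the original post; it assumes the /var/log/remote.$HOST layout from the config above, and the host list file is a hypothetical name.

```shell
#!/bin/sh
# Added example: report ESX hosts that have gone quiet on the central log host.
# Assumes the /var/log/remote.<ip> files written by the syslog-ng config above.

# silent_hosts EXPECTED_FILE LOG_DIR MAX_AGE_MIN
#   EXPECTED_FILE  one ESX host IP per line ('#' comments and blanks ignored)
#   LOG_DIR        directory holding the remote.<ip> files
#   MAX_AGE_MIN    minutes without a write before a host counts as stale
# Prints "<ip> missing" or "<ip> stale" for every silent host.
silent_hosts() {
    expected=$1
    dir=$2
    max_age=$3
    while IFS= read -r host; do
        case $host in
            ''|'#'*) continue ;;
        esac
        f="$dir/remote.$host"
        if [ ! -f "$f" ]; then
            echo "$host missing"
        elif [ -n "$(find "$f" -mmin +"$max_age")" ]; then
            echo "$host stale"
        fi
    done < "$expected"
}

# Constructed demo data in a temp dir (GNU touch -d syntax). A real call
# would look like: silent_hosts /etc/esx-hosts.txt /var/log 60
# (/etc/esx-hosts.txt is a hypothetical file you maintain yourself).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# lab hosts' 10.10.10.2 10.10.10.3 10.10.10.4 > "$tmp/hosts"
    touch "$tmp/remote.10.10.10.2"                    # logging normally
    touch -d '3 hours ago' "$tmp/remote.10.10.10.3"   # stopped forwarding
    silent_hosts "$tmp/hosts" "$tmp" 60               # .4 never logged at all
    rm -rf "$tmp"
}
demo
```

Run it from cron on the log host and mail yourself any output; an empty result means every listed host wrote a log line within the window.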

ESX Commands – esxcfg-boot

What in the world does this command do?

esxcfg-boot
esxcfg-boot
-h --help
-q --query boot|vmkmod
-p --update-pci
-b --update-boot
-d --rootdev UUID=
-a --kernelappend
-r --refresh-initrd
-g --regenerate-grub
Queries cannot be combined with each other or other options. Passing -p or -d enables -b even if it is not passed explicitly. -b implies -g plus a new initrd creation. -b and -r are incompatible, but -g and -r can be combined.


Here is some output from my lab:
[root@esxlab2 root]# esxcfg-boot -q boot
272 0:*; UUID=96c048d7-ee1d-4455-b6a5-801bfbaabbdc /vmlinuz-2.4.21-7.ELvmnix /initrd-2.4.21-57.ELvmnix.img

[root@esxlab2 root]# esxcfg-boot -q vmkmod
vmklinux
mptscsi_2xx.o
e1000.o
lvmdriver
vmfs3
etherswitch
shaper
tcpip
cosShadow.o
migration
nfsclient
deltadisk
vmfs2

I am picturing these commands to be much like the kernel options, modprobe and bootloader settings you would set up when you compile your kernel in Linux. Most hardcore Linux guys would let you know you are a real man when you recompile your own kernel. In VMware, I would be hesitant to mess with any of this unless I broke something. Then again, with all of my VM’s on the SAN, if I bombed out an ESX host this bad, I would take 20 minutes to rebuild it.

Then I noticed from the B2V Guide that I would make use of this when I changed the queue depth on my HBAs, which I have done before. I followed this note on the forums.

What other device driver options besides the HBA will you ever change?
Here are some things I found:
More HBA problems
And even more queue depth fun
And this list could be longer, just searching VMware Community.
I would guess that the reason we don’t jack with the drivers with ESX and the hardware is because of the very good compatibility list. You don’t just run ESX 3.5 on anything (at least not for production).

ESX Commands – esxcfg-auth

Following my alphabetical method of learning.

esxcfg-auth
usage: esxcfg-auth [options]

options:
  --enablemd5              Enable MD5 password storage
  --disablemd5             Disable MD5 password storage
  --enableshadow           Enable Shadow password storage
  --disableshadow          Disable Shadow password storage
  --enablenis              Enable NIS Authentication
  --disablenis             Disable NIS Authentication
  --nisdomain=domain       Set the NIS domain
  --nisserver=server       Set the NIS server
  --enableldap             Enable LDAP User Management
  --disableldap            Disable LDAP User Management
  --enableldapauth         Enable LDAP Authentication
  --disableldapauth        Disable LDAP Authentication
  --ldapserver=server      Set the LDAP Server
  --ldapbasedn=basedn      Set the base DN for the LDAP server
  --enableldaptls          Enable TLS connections for LDAP
  --disableldaptls         Disable TLS connections for LDAP
  --enablekrb5             Enable Kererbos Authentication
  --disablekrb5            Disable Kererbos Authentication
  --krb5realm=domain       Set the Kerberos Realm
  --krb5kdc=server         Set the Kebreros Key Distribution Center
  --krb5adminserver=server
                           Set the Kerberos Admin Server
  --enablead               Enable Active Directory Authentication
  --disablead              Disable Active Directory Authentication
  --addomain=domain        Set the Active Directory Domain
  --addc=server            Set the Active Directory Domain Controller
  --usepamqc=values        Enable the pam_passwdqc module
  --usecrack=values        Enable the pam_cracklib module
  --enablecache            Enables caching of login credentials
  --disablecache           Disables caching of login credentials
  --passmaxdays=days       Set the maximum number of days a password remains valid.
  --passmindays=days       Set the minimum number of days a password remains valid.
  --passwarnage=days       Set the number of days a warning is given before a
                           password expires.
  --maxfailedlogins=count
                           Sets the maximum number of login failures before the
                           account is locked out, setting to 0 will disable this
  -p, --probe              Print the settings to the console
  -v, --verbose            Enable verbose logging
  -h, --help               show this help message and exit

For more actual usage I would defer to one of the most useful VM blogs around, from Scott Lowe. The common usage for most of us daily users would be to enable Active Directory authentication on the ESX host, so your team of admins can get in and do work in certain situations. Now when your team is one (still looking for that other VCP, hopefully he passes the test this week) or two, this is not a huge requirement.
Additional authentication requirements can be set here depending on your environment's requirements. I would generally let clients know this is available, but I have not had anyone demand to have maxfailedlogins set to 5 or something.

From Professional VMware – Virtual Machine Disk Sizing Tool

Cool sizing spreadsheet I found at Professional VMware:

“This is a tool that I created a while back to assist in sizing needed disk space in a deployment. Straight forward to use, the totals are calculated as follows: VMDK Size + Ram Size * 1.1 + 12Gb = Total Needed. While the VMDK may be obvious, the others are just as important. Ram Size is included, as ESX will create a swap file on the disk where the VM’s configuration resides (unless you specify otherwise) and needs to be included. The * 1.1 is to add 10% to the overall solution, to allow for snapshots. This can likely be adjusted up or down depending on your specific requirements, but I’ve found that at least 10% works best. The last number, 12GB. This one may seem like a mystery, and likely it is.”

I love good tools and tips like this. This comes from someone that has to plan and design the disk space usage well.