Vallard Land
super secret tricks available only to you!
Jul 20th
Many servers don’t have DVD or CD drives, so installing ESXi 4.1 from a CD is not optimal. Sure, you could always buy a USB DVD drive, but why not try to be cool and do it with a USB stick instead? I’m actually a bigger fan of doing things through PXE. Network installs are the ideal way to manage datacenters. However, if you’re a roving IT guy like me going from site to site, you can’t always do network installs. An amazing number of the IT shops I have run into shun the idea of network installs. So, for those still in the dark ages, or for those who are on the road a lot, here is how we do it with a USB stick in 10 easy steps.
1. Get the VMware ESXi 4.1 ISO image from VMware.com.
2. Open the image. On my Mac, I just click on the image and it opens it for me. On Linux you could do a loopback mount:
mkdir /media/ISO
mount -o loop VMware-VMvisor-Installer-4.1.0-260247.x86_64.iso /media/ISO
If you have Windows, I’m sure you can use your favorite search engine to find a way to do it, but the rest of this tutorial is in Linux.
4. Now get a USB stick. You need to create a large enough W95 FAT32 partition on it and make it bootable. I do this through fdisk:
fdisk /dev/sdc   # or whatever it shows up as
d       # delete all partitions
n       # new partition
p       # primary partition
1       # 1 is the partition number
1       # the first cylinder
+300M   # the size
a       # toggle bootable flag
1       # make partition 1 bootable
t       # change the type
b       # change to type W95 FAT32 (hex code b)
w       # write it out
5. Now you need to format it:
mkfs.vfat -n BOOT /dev/sdc1
6. Now we need to use syslinux and make it bootable. I do this on Linux like this:
syslinux -s /dev/sdc1
dd if=/usr/lib/syslinux/mbr.bin of=/dev/sdc # note that this is sdc not sdc1
7. Mount the USB stick and copy all the files to it:
mkdir /media/USB
mount /dev/sdc1 /media/USB
cp -a /media/ISO/. /media/USB/ # copy the contents of the ISO, not the ISO directory itself
8. Now you have to get rid of the isolinux stuff:
cd /media/USB
rm -rf isolinux.bin
mv isolinux.cfg syslinux.cfg
9. At this point you should be able to umount the USB drive, stick it in a server, boot from it and start the installer. The problem (in my opinion) is that the installer is hard coded to look for the CD-ROM, so it will error out saying that it can’t find the installation media. This is pretty lame. But that’s OK because I want to automate this anyway. So the answer is to make a kickstart file that tells it where to go. Let’s edit syslinux.cfg and add a kickstart file. We add these files to /media/USB, where our USB stick is mounted.
Here we simply add the ks=usb argument. This tells it to use kickstart and that the kickstart file is found on the USB drive.
default menu.c32
menu title VMware VMvisor Boot Menu
timeout 80

label ESXi Installer
menu label ^ESXi Installer
kernel mboot.c32
append vmkboot.gz ks=usb --- vmkernel.gz --- sys.vgz --- cim.vgz --- ienviron.vgz --- install.vgz

label ^Boot from local disk
menu label ^Boot from local disk
localboot 0x80
My simple kickstart file (ks.cfg) just looks like this:
vmaccepteula
rootpw cluster
autopart --firstdisk --overwritevmfs
install usb
network --bootproto=static --ip=192.168.70.76 --gateway=192.168.70.1 --hostname=sumavihv --device=vmnic0 --nameserver=192.168.70.1 --netmask=255.255.255.0
10. There, now you’re done. Unmount the USB key, put it in the server and it will install ESXi 4.1 from the USB key without any prompting. Fun in 10 easy steps!
Jul 14th
Here is the cast of characters:
1. blopr: A server behind a company firewall whose VNC session I want to view.
2. netnet: A server that is on the internet that I have access to.
3. Me: The humble system admin who wants to view the VNC session on blopr.
Here is how I do it:
On blopr:
vncserver :99 -depth 24 # and whatever other arguments you want to have.
ssh -R 5999:localhost:5999 root@netnet.example.com
On NetNet:
redir --lport=5989 --cport=5999 --caddr=127.0.0.1
On yours truly’s humble MacBook Pro:
vncviewer netnet.example.com:89 # enter the password for blopr's vnc session
Presto! You are in there my friend!
Bonus for you to try: Suppose only SSH is allowed out from blopr? This is left as an exercise to the reader. But the trick is that it’s very similar.
Jul 8th
I’ve been getting back to playing with the VMware API and I’ve completely forgotten everything, so I’m starting off simple. Here is a simple script to connect to a host and to list the names of the VMs that are on it:
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;
require VMware::VIRuntime;
VMware::VIRuntime->import();

# try logging into a node:
my $conn;
my $hyp = 'vhost31'; # you can make this an option to pass in as well.
eval {
    $conn = Vim->new(service_url => "https://$hyp/sdk");
    # easy example root credentials; change these for your host.
    $conn->login(user_name => 'root', password => 'cluster');
};
# make sure the connection worked
if ($@) {
    print "Couldn't connect: $@\n";
    exit 1;
}
# fetch every VirtualMachine view on the host and print its name
my $entity_views = $conn->find_entity_views(view_type => 'VirtualMachine');
foreach my $ev (@$entity_views) {
    print $ev->name . "\n";
}
$conn->logout();
That’s pretty much it. Notice that I just printed the name. There are a lot of other things you could print as well if you wanted to. Just do a print Dumper($ev) and you’ll see the possibilities.
Jul 7th
From the release notes:
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Release_Notes/installation.html
You just specify:
%packages
@Everything
-@Conflicts
Jul 1st
I wanted to create a little VNC session on my rails application. The easiest way to do this was the following:
On my page, create an applet. This very simply looks like this:
<applet code="VncViewer.class" codebase="/java" ARCHIVE="/java/VncViewer.jar" WIDTH="640" HEIGHT="425" PASSWORD=f00>
<PARAM NAME="PORT" VALUE="5901">
<PARAM NAME="HOST" VALUE="10.3.0.99">
<PARAM NAME="Cursor shape updates" VALUE="Disable">
<PARAM NAME="Share desktop" VALUE="Yes">
<PARAM NAME="Show controls" VALUE="No">
<PARAM NAME="Offer relogin" VALUE="No">
<PARAM NAME="Show offline desktop" VALUE="No">
</applet>
Notice that the IP address is the server that I’m connecting to.
Next, I downloaded the tightVNC source code. I then made a directory in my rails server:
public/java
and copied the VncViewer.jar file there.
Finally, make sure that vncserver is up and that you have a session with it. (Try running it manually and connecting with a normal vnc client). Make sure the passwords match what you have in your applet, then you are ready to roll.
Jun 14th
This isn’t supported by VMware obviously or you’d be looking at their documentation. However, this is an extremely useful way of provisioning ESXi on to servers. For starters, suppose you have a server running some accounting software during the day and you want to test that server by running virtual machines on it (VMs will be mounted from a NAS or something somewhere else).
One of the options I’ve seen from IBM is that you can buy their cool thumb drive, which will set you back perhaps a few $100? I don’t know the price. The other option is to say “Thumb drives are so 2001. Get with the times man!” And then pay nothing by just network booting the image. Network booting is the only way to have real control of your data center and make it agile. Otherwise you’re stuck with the same scenario of the fool with the crash cart, which is what you’re trying to avoid, right? If you’re using a crash cart to configure your servers, then you probably don’t have a cloud, nor an agile data center.
Ok grasshopper, this is how it is done:
1. Download the image from VMware. In my example, I’m getting the ESXi 4.0 image specialized for IBM hardware so that I can get the remote console to work. (That’s what happens if you don’t get the right one).
2. Mount the image and copy the contents of the file to some place. I copied all the files to /install/esxi4/x86_64/
3. cd /install/esxi4/x86_64/; tar zxvf image.tgz
4. This should create the directory usr/lib/vmware/installer. Now extract this image:
5. Take a look at the sectors to see which one we need to get:
# fdisk -lu VMware-VMvisor-big-4.0.0-208167-x86_64.dd
last_lba(): I don't know how to handle files with mode 81a4
You must set cylinders.
You can do this from the extra functions menu.

Disk VMware-VMvisor-big-4.0.0-208167-x86_64.dd: 0 MB, 0 bytes
64 heads, 32 sectors/track, 0 cylinders, total 0 sectors
Units = sectors of 1 * 512 = 512 bytes

Device Boot Start End Blocks Id System
VMware-VMvisor-big-4.0.0-208167-x86_64.dd1 8192 1843199 917504 5 Extended
VMware-VMvisor-big-4.0.0-208167-x86_64.dd4 * 32 8191 4080 4 FAT16 <32M
VMware-VMvisor-big-4.0.0-208167-x86_64.dd5 8224 520191 255984 6 FAT16
VMware-VMvisor-big-4.0.0-208167-x86_64.dd6 520224 1032191 255984 6 FAT16
VMware-VMvisor-big-4.0.0-208167-x86_64.dd7 1032224 1257471 112624 fc VMware VMKCORE
VMware-VMvisor-big-4.0.0-208167-x86_64.dd8 1257504 1843199 292848 6 FAT16

Partition table entries are not in disk order
The goods are inside *dd5. We see that it starts at sector 8224. With 512-byte sectors, that is a byte offset of 8224 × 512 = 4210688. Let’s mount this partition.
6. mkdir /install/stage
7. mount VMware-VMvisor*dd /install/stage -o loop,offset=4210688
8. ls /install/stage
boot.cfg cim.vgz mod.tgz pkgdb.tgz vmkboot.gz cimstg.tgz license.tgz oem.tgz sys.vgz vmk.gz
9. Let’s modify these images so that we can SSH into it. SSH is just so useful! This is done by making our own mod.tgz. If you extract the one you see there then you’ll find that it’s empty! So let’s put something in it.
#!/bin/sh
sed -ie 's/#ssh/ssh/' /etc/inetd.conf #ssh is too nice not to have
return ${SUCCESS}
3. Copy an /etc/shadow into tmpdir/etc/shadow that has root’s password so you can ssh in with your password.
4. Go back to your tmpdir root and tar it up: tar czvf mod.tgz etc/
5. Copy this mod.tgz over the empty one.
Nice work! Now you’re ready to rock. You’ll need to set up dhcp and tftp to deliver the goods. Here’s what we do:
#netboot esxi4
DEFAULT xCAT
LABEL xCAT
KERNEL /esxi4//mboot.c32
APPEND /esxi4/vmkboot.gz ---\
/esxi4/vmk.gz --- \
/esxi4/sys.vgz --- \
/esxi4/cim.vgz --- \
/esxi4/oem.tgz --- \
/esxi4/license.tgz --- \
/esxi4/mod.tgz --- \
/esxi4/cimstg.tgz
Provided you have tftpboot and dhcp set up correctly, you can now just pxeboot these files and watch as your node comes up in a stateless ESXi hypervisor. Now I know what you’re saying: What about keeping track of virtual machines on the server? If it reboots, it comes up fresh and I don’t know what virtual machines should be there? This is true. But I’m not going into that right now. You’ll have to pay extra for that.
Anyway this may all seem like a lot of work to get up and running, but the convenience is awesome. All this information was gleaned from the xCAT source code that we wrote. xCAT does this for you automatically. Or for a more painless setup, you could use the Sumavisor to do it. Anyway, hope this helps and gets you thinking!
Ah, one last tidbit:
If you are on the console and want to log in directly to ESXi4, just do Alt+F1 and type: unsupported, then the prompt will come up (telling you it’s unsupported) and then you can just enter the root password you had from your /etc/shadow that you copied in and have access.
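For the loop mount in step 7, the offset is the partition's Start sector multiplied by the sector size that fdisk -lu reports. The following is an added example, not part of the original post: it reads both values out of fdisk output and handles the boot-flag column that shifts the fields on a bootable partition. The image name esxi.dd and the function name are placeholders.

```shell
#!/bin/sh
# Added example: derive the byte offset for `mount -o loop,offset=` of one
# partition inside a raw disk image from `fdisk -lu` output.

# Constructed sample: partition lines in the layout shown in step 5, with the
# image name shortened to the placeholder "esxi.dd".
SAMPLE_FDISK='Units = sectors of 1 * 512 = 512 bytes
   Device Boot      Start         End      Blocks   Id  System
esxi.dd1             8192     1843199      917504    5  Extended
esxi.dd4   *           32        8191        4080    4  FAT16 <32M
esxi.dd5             8224      520191      255984    6  FAT16
esxi.dd6           520224     1032191      255984    6  FAT16'

# partition_offset <fdisk-output> <partition-name>
# Prints start_sector * sector_size, or returns 1 if the partition is absent.
partition_offset() {
    printf '%s\n' "$1" | awk -v part="$2" '
        # "Units = sectors of 1 * 512 = 512 bytes": the size precedes "bytes"
        /^Units/ { for (i = 2; i <= NF; i++) if ($i == "bytes") size = $(i - 1) }
        $1 == part {
            # A bootable partition has "*" in column 2, so Start moves to column 3
            start = ($2 == "*") ? $3 : $2
            found = 1
        }
        END {
            if (!found || size == 0) exit 1
            printf "%d\n", start * size
        }'
}

# Offset of the partition that holds the boot files
partition_offset "$SAMPLE_FDISK" esxi.dd5
```
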
May 20th
Let’s say you have a switch. And you are on a computer that is connected to the switch. You know the following:
But, you’re too lazy to walk over to the data center to figure out which port you’re connected on.
Here’s what you do (assuming you’re running Red Hat or CentOS):
yum -y install net-snmp-utils
This gives you the snmpwalk command.
Now:
First, figure out your MAC address:
[root@n33 etc]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:A0:D1:E9:3E:DC
inet addr:10.3.0.133 Bcast:10.3.255.255 Mask:255.255.0.0
inet6 addr: fe80::2a0:d1ff:fee9:3edc/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:972965 errors:0 dropped:0 overruns:0 frame:0
TX packets:637686 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:587009797 (559.8 MiB) TX bytes:100870077 (96.1 MiB)
Memory:fcde0000-fce00000
So my MAC address is 00:A0:D1:E9:3E:DC
Nice.
Now let’s look for this MAC address on the switch. Assuming my community string is ‘foobar’, my switch is set up to do SNMP version 1, and my switch name is switch1, I do:
snmpwalk -v 1 -c foobar switch1 SNMPv2-SMI::mib-2.17.4.3.1.1
When you do this, you’ll see a list of the nodes. Among them should be a Hex-STRING that matches your MAC address:
... SNMPv2-SMI::mib-2.17.4.3.1.1.0.160.209.233.62.220 = Hex-STRING: 00 A0 D1 E9 3E DC ...
Notice that the string:
0.160.209.233.62.220
is the decimal representation of the MAC address:
00:A0:D1:E9:3E:DC
So you have verified one important piece of information: You are in fact connected on this switch!
Now figure out which port!
We use the decimal representation of the MAC address from this point on to find the port. Usually for me this works:
snmpwalk -v 1 -c foobar switch1 SNMPv2-SMI::mib-2.17.7.1.2.2.1.2
Among the output I get:
SNMPv2-SMI::mib-2.17.7.1.2.2.1.2.413.0.160.209.233.62.220 = INTEGER: 5
This tells me that my node is connected to port 5 on the switch.
Sometimes (on cisco switches and others) you may need to use a different approach for the mac-to-index values:
snmpwalk -v 1 -c foobar switch1 SNMPv2-SMI::mib-2.17.4.3.1.2
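The MAC-to-decimal conversion and the port lookup described above, as an added example that is not part of the original post. It works on saved snmpwalk output from either table (the 17.7.1.2.2.1.2 form, where an extra index such as 413 precedes the MAC, or the 17.4.3.1.2 form) and prints the bridge port number the table reports. The sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate a MAC address in bridge forwarding-table output.

# Constructed sample of snmpwalk output covering both tables used above:
# mib-2.17.7.1.2.2.1.2 (an extra index, here 413, comes before the MAC) and
# mib-2.17.4.3.1.2 (indexed by the MAC only).
SAMPLE_WALK='SNMPv2-SMI::mib-2.17.7.1.2.2.1.2.413.0.160.209.233.62.220 = INTEGER: 5
SNMPv2-SMI::mib-2.17.7.1.2.2.1.2.413.0.26.100.1.2.3 = INTEGER: 12
SNMPv2-SMI::mib-2.17.4.3.1.2.0.160.209.233.62.220 = INTEGER: 5'

# mac_to_oid_suffix 00:A0:D1:E9:3E:DC  ->  0.160.209.233.62.220
mac_to_oid_suffix() {
    # Accept only six colon- or dash-separated hex octets.
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$' || return 1
    suffix=
    for octet in $(printf '%s' "$1" | tr ':-' '  '); do
        # Shell arithmetic converts each hex octet to decimal.
        suffix="${suffix:+$suffix.}$((0x$octet))"
    done
    printf '%s\n' "$suffix"
}

# port_for_mac <snmpwalk-output> <mac>
# Prints the port from the first matching row, or returns 1 if none matches.
port_for_mac() {
    want=$(mac_to_oid_suffix "$2") || return 1
    printf '%s\n' "$1" | awk -v want="$want" '
        {
            oid = $1
            n = length(want)
            # Compare ".<suffix>" against the end of the OID, so an index
            # ending in 10.160... is not mistaken for 0.160...
            if (substr(oid, length(oid) - n) == "." want) {
                print $NF
                found = 1
                exit
            }
        }
        END { if (!found) exit 1 }'
}

port_for_mac "$SAMPLE_WALK" 00:A0:D1:E9:3E:DC
```

With a live switch, pass "$(snmpwalk -v 1 -c foobar switch1 SNMPv2-SMI::mib-2.17.7.1.2.2.1.2)" as the first argument instead of the sample.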
This is great, in that I never had to leave my chair to figure this out! The pounds pile up and my largeness increases. Anybody got a better/easier way to do this?
Apr 27th
The Sumavisor is built on top of xCAT. The Sumavisor is a rails application, with lots of xCAT plugins that sit on top of the base xCAT. One thing we had to work out was having a web server host a rails application (the Sumavisor) and allow xCAT to install nodes via HTTP. The solution is quite trivial thanks to my friend Ben. You simply add one line in the directories you don’t want Passenger to run in. So for xCAT, you put in /etc/httpd/conf.d/xcat.conf:
<Directory "/tftpboot">
    Options Indexes +FollowSymLinks +Includes MultiViews
    AllowOverride None
    PassengerEnabled off
    Order allow,deny
    Allow from all
</Directory>
<Directory "/install">
    Options Indexes +FollowSymLinks +Includes MultiViews
    AllowOverride None
    PassengerEnabled off
    Order allow,deny
    Allow from all
</Directory>
That makes it so my code all runs very nice.
Apr 3rd
As I’ve been running Sumavi, my new company, for the last 2 months, I’ve been thinking a lot about what types of activities I can do to make it successful for the near term and the long run. One of the themes that has constantly come to my mind is the “Use what you sell” message.
This is something I first thought of while working at IBM. I was developing a product called CSM. I thought it was pretty good, but none of the sales engineers liked it. They all used xCAT instead. It’s not like they didn’t try it. Some did. They tried CSM and they went right back to xCAT. They would think: “Why pay for something I don’t like when I can get this software kit that I love for free?”
In addition to this, manufacturing started using xCAT to test all their clusters and then even the nascent On-Demand center standardized on xCAT as well. None used CSM.
After going out into the field and working with customers I saw pretty clearly why CSM wasn’t meeting the needs of our customers. But at the same time, it was difficult to describe the frustration to my old development team. They would ask for bullet pointed lists of things that were wrong with it. I would stay up late at night trying to pinpoint all of my issues, but it just didn’t resonate. It could be my lack of communication skills or that I just couldn’t describe it. I found that some people got very defensive.
In a matter of time CSM became end of life and the team was disbanded. Now some of those people are part of the xCAT development team. It’s been great to continue to work with them. I’m now outside of the blue curtain, but I’m still an open source contributor to the xCAT project.
I find myself thinking all the time if I’m drinking too much of my own Kool-Aid.
I think the best thing that we could have done back then was send developers out to the customers that use it, or at the very least work with internal customers. Have a rotation where a developer needs to join support to at least get a first glimpse of how customers use the code. This is something that I think made xCAT successful. We would make changes or get feedback right away from our customers. I hope to do this with Sumavi. In fact, we’ll have our first beta customer in a week from tomorrow where we’ll get a chance to see what we’re made of.
But you don’t even have to go that far. Consider for example Lotus Notes at IBM. They are doing a great job of using what they sell. However, they’re more ramming it down other people’s throats. Think of all the nicknames I heard for it from IBM employees. IBM has a gold mine of enterprise users that are smart and know good software when they see it. All IBM needs to do is send an email to all the employees that reads:
“We’re conducting a mandatory brief survey. Click <yes> if you like Lotus Notes. Click <here> if you think it’s ok, and Click <here> if you really dislike it. You may also enter comments below if you like:”
Simple. Then all the managers just have to make sure the employees fill it out. It’s easy to do, IBM made me do it every year with my BCGs. (Only in this case, they need to make sure it’s anonymous.)
Then, depending on the results, you either give the Senior VP of Lotus Notes a raise, or you fire him. My guess is that they will probably end up firing them. The point is, you have all these internal ways and attitudes in your corporation and you need to look at the truth and stop kidding yourself or your project will be dead.
My prediction is that if Notes doesn’t shape up, it won’t be around much longer. Nobody I have ever talked to about it likes it. I don’t think it would be too hard to make work either.
Here’s what I would suggest:
- Make it work natively on my iPhone. (Maybe this is just IBM’s implementation and it works fine everywhere else, don’t know)
- Give me a non-java client, or let it integrate seamlessly with Apple Mail
- Why on earth is there a program called “Zap-Notes” that will allow you to kill the notes processes without restarting your computer? This is embarrassing.
- Start limiting the function of it and focus on core things. Start innovating. Stop playing catch up.
Anyway, hopefully others will have the same painful advice for me on the Sumavisor that we’re creating at Sumavi. But you know what we’re going to do? We’re not going to ignore it. We’re going to take it, and do our best to make at least 75% happy. (Why 75%? Because some people will never be happy, especially people in IT. (But we’re still going to try!))