“This is a RAID status update from mpt-statusd” in Debian 6

I am getting mails sent to root on a fresh install of Debian 6 constantly telling me about RAID status changes, which is odd since the guest isn’t sitting on RAID 5 storage.

“This is a RAID status update from mpt-statusd. The mpt-status program reports that one of the RAIDs changed state:”

The root cause is the way Debian detects VMware’s ‘LSI Logic Parallel’ virtual disk controller. When creating default virtual machines, the VMware wizard defaults to the SCSI controller ‘LSI Logic Parallel’ when instead it should be set to ‘LSI Logic SAS’. If it is set to ‘SAS’, Debian won’t try to install “mpt-status”, so this alert never appears.

In order to disable the messages (and the daemon itself) do the following as root:

1. Change user to root

su - root

2. Stop the mpt-statusd Service

/etc/init.d/mpt-statusd stop

3. Stop mpt-statusd from running

echo RUNDAEMON=no > /etc/default/mpt-statusd

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

VMware Anti Affinity Rules in VMware ESX

I recently had to set up anti affinity to separate two guest operating systems that were clustered using Microsoft Cluster. This ensured that each guest would not be on the same host, reducing the risk of hardware failure bringing down both hosts and the cluster. Other examples might be that you want your primary and secondary DNS servers on separate physical hosts; if one host physically dies, you have the other DNS server serving requests.

There are also rules for storage anti affinity (SDRS). It is one thing separating the processing power between different hosts, but if both guests are residing on the same storage you are still left with a single point of failure.

I have seen it a few times where there is data replication set up between two virtual guests (DRBD comes to mind). This is great, but if the data is stored on the same datastore and that datastore goes down, you have lost both your primary and secondary data.

I will go over how to set up storage anti affinity in a different blog.

  1. Right click on your cluster and click on “Edit Settings”
  2. Turn on vSphere DRS if not already on
  3. Click on “Rules”
  4. Click “Add”
  5. Type the name you wish to call the rule
  6. Change the type to “Separate Virtual Machines”
  7. Click “Add”
  8. Select the servers you wish to separate
  9. Click “OK”
  10. Click “OK”
  11. Expand “+” next to the rule to ensure you have the correct servers
  12. Click “OK”
  13. Ensure the “Reconfigure cluster” task finishes with “Completed” status

There you have it, anti affinity rules set up between two servers.

Sharing .VMDKs on VM’s in VMware ESX

Recently I had to create a vmdk disk to share between two Microsoft Clustering servers. The purpose was to use it as a Quorum disk, and I found it isn’t as simple as creating a disk and attaching it to the other host.

This was done on a Microsoft 2008 R2 Server; however, it is dependent on the operating system, so make sure it is supported before doing this, or better yet, try it on a test environment!

In this example the servers will be called “Server1” and “Server2”. The servers will be hosted on different hosts and have a vmdk shared on an iSCSI volume presented to both physical hosts.

  1. Log into the service console for ESX or SSH to one of the physical hosts.
  2. Run the following command “vmkfstools -c 1G -d eagerzeroedthick /vmfs/volumes/Full Path/QuourmDisk.vmdk -a lsilogic”
  3. Power off the guests you are working with. This cannot be done on the fly to the best of my knowledge. This also doesn’t work with the guests having snapshots.
  4. Edit Settings for Server1
  5. Select “Hard Disk”
  6. Select “Use an existing virtual disk” and click “Next”
  7. Click “Browse”
  8. Browse to the location where you created the vmdk and select the vmdk file
  9. Click “Next”
  10. Change the SCSI controller this is located on; this will force the creation of a new SCSI controller. I changed from “SCSI (0:1)” to “SCSI (1:0)”
  11. Review the settings
  12. Click “OK”
  13. Click on the “New SCSI Controller”
  14. Select “Physical” on the right hand side
  15. Click “OK”
  16. Repeat the steps for the other virtual machine.

Discover Open Ports Visually from Inside your Network

It has been around for years: the good people at Gibson Research Corporation have a great online tool that identifies open ports in a visual form, requested from the internal network.

This is really for people that don’t have an understanding of other tools, e.g. nmap.

The tool is called “Shields Up”. It allows you to execute a scan from the outside back to your WAN IP. The type of scans can be based on the following port ranges:

  • File Sharing
  • Common Ports
  • All Service Ports
  • Messenger Spam
  • Browser Headers

You can also scan custom ports, examples are as follows:

  • 21, 25, 135 (certain ports separated by commas)
  • 1-1024 (Port range from 1 to 1024)

A word of caution: If running this tool from a network where network monitoring happens, it will look like a port scan attack and could get you in trouble. Ensure you have proper authority or own the network you run this against.

How to vMotion from Intel to AMD and Vice Versa in VMware ESX

Live migration (aka vMotion) is still one of the most impressive features of the vSphere platform, although it has been around for quite a while now. It demonstrates the superiority of virtual machines over physical servers and their independence from the underlying physical hardware.

But the hardware independence is not complete. Unlike other devices, CPUs are not emulated by the hypervisor but passed through to the VM, utilising hardware virtualisation features that are built into the processor in particular vendor specific ways. As a consequence, vMotion only works between similar CPUs of the same vendor by default.

How to disable vMotion Compatibility Checks:

Although it is not recommended, and I don’t recommend it myself, for “test” environments or non-critical production environments it shouldn’t be a problem.

There are two places to configure advanced vCenter settings in version 5.1:

  • vSphere Client (fat app): Administration / vCenter Settings / Advanced Settings
  • vSphere Web Client: vCenter / Manage / Settings / Advanced Settings

  1. Adding the key config.migrate.test.CpuCompatibleWithHost with value false will completely disable all compatibility checks. This is the brute force method, and I would really not recommend doing this, because this will also suppress any warnings.
  2. Adding the key config.migrate.test.CpuCompatibleMonitorSupport with value false will only disable checking the VMM (Virtual Machine Monitor) on the source and target hosts for supported CPU features (preventing any “product version does not support features” error messages).
  3. Adding the key config.migrate.test.CpuCompatibleError with value false will display all compatibility check errors as warnings only, which do not prevent starting the migration (still not recommended, but at least you have been warned).

As stated prior, suppressing vMotion compatibility checks by these means is not supported by VMware!
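
To find out whether any of these three keys has been set on a vCenter you look after, the check below reads an export of the advanced settings and reports each compatibility check that has been switched off. This is an added example, not part of the original post; the "key = value" export format, the effect labels and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag vCenter advanced settings that switch off the vMotion
# CPU compatibility checks described above.
# Assumption: settings were exported as "key = value" or "key=value" lines.

# audit_vmotion_overrides: read settings on stdin, print "<effect> <key>" for
# each of the three keys that is set to false (case-insensitive).
audit_vmotion_overrides() {
    awk '
        BEGIN {
            effect["config.migrate.test.CpuCompatibleWithHost"] = "ALL-CHECKS-OFF"
            effect["config.migrate.test.CpuCompatibleMonitorSupport"] = "VMM-CHECK-OFF"
            effect["config.migrate.test.CpuCompatibleError"] = "ERRORS-AS-WARNINGS"
        }
        {
            sub(/=/, " ")        # accept both "key=value" and "key = value"
            key = $1
            val = tolower($2)
        }
        (key in effect) && val == "false" { print effect[key], key }
    '
}

# Constructed sample export (not from a real vCenter).
sample_settings() {
    cat <<'EOF'
config.migrate.test.CpuCompatibleError = false
config.migrate.test.CpuCompatibleWithHost=FALSE
config.migrate.test.CpuCompatibleMonitorSupport = true
example.unrelated.setting = 25
EOF
}

# Prints one line per override found in the sample.
sample_settings | audit_vmotion_overrides
```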

Testing vMotion

These settings won’t give you the ability to turn EVC on; they only suppress the errors, turn them into warnings and remove the lock that blocks you from going further.

Here I am migrating from 10.54.10.2 to 10.54.10.1; it gives me warnings but allows me to select “Next”.

Why this shouldn’t be implemented in “production”

Of course there is a reason why the vMotion Compatibility checks exist and why VMware does not support disabling them: Different CPUs provide different sets of advanced CPU instructions and features. If an application or the OS running inside a VM is using a certain CPU feature and is then migrated to a host with a different CPU that does not provide this feature … guess what will happen: The application or even the whole OS inside the VM will crash.

Examples are multimedia or compute intensive applications that use SSE extensions. These extensions are even used by operating systems’ kernel code. For example, the software RAID code of certain Linux kernels does a quick benchmark at boot time to determine the most effective method for computing checksums. Imagine it decides to use SSE3 extensions for calculating RAID5 checksums. If you happen to actually use software RAID5 in such a machine and vMotion it to a host that does not provide this CPU feature, then this will certainly result in an instant kernel panic, hopefully without data loss or corruption.

Reset root Passwords on Linux

Just a quick how-to for resetting Linux accounts, very basic, but for the newbies out there it might come in handy.

  1. # passwd <username>
    1. Example: # passwd test
  2. Type the new password twice

Okay, so the basics are covered; let’s go into something a little stronger – how to recover a root password.

Recover ROOT Password

GRUB Boot Loader

  1. Boot
  2. Select kernel
  3. Press the “e” key to edit the entry
  4. Select the second line (the line starting with the word kernel)
  5. Press the “e” key to edit kernel entry so that you can append single user mode
  6. Append the letter “s” (or word “Single”) to the end of the (kernel) line
  7. Press ENTER key
  8. Now press the “b” key to boot the Linux kernel into single user mode
  9. At the prompt type “passwd” command to reset password
  10. You need to mount at least / and other partitions
    1. # mount -t proc proc /proc
    2. # mount -o remount,rw /
  11. Change the root password, enter
    1. # passwd
  12. Reboot
    1. # sync
    2. # shutdown -r now

LILO Boot Loader

  1. At LILO boot loader, type “linux single” and press enter
    1. Boot: linux single
  2. When you get the # prompt you need to type “passwd” to reset the root password
    1. # passwd
  3. Reboot
    1. # sync
    2. # shutdown -r now
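
Both procedures work for anyone at the console unless the boot loader itself asks for a password, so the check below reports whether a GRUB legacy menu.lst or a lilo.conf carries a global password directive. This is an added example, not part of the original post; the function names and sample configs are constructed for illustration, and it covers only the two boot loaders described here.

```shell
#!/bin/sh
# Added example: does the boot loader config permit the kernel-line edit
# ("e" in GRUB legacy, "linux single" in LILO) without a boot password?

# global_password ENTRY_WORDS: read a config on stdin; print "protected" if a
# password directive sits in the global section (before the first line whose
# directive is one of ENTRY_WORDS), otherwise "editable".
global_password() {
    awk -v entries=" $1 " '
        NF == 0 || $1 ~ /^#/ { next }                # blank line or comment
        { word = $1; sub(/=.*/, "", word) }          # directive without "=value"
        index(entries, " " word " ") { exit }        # first boot entry: global section is over
        word == "password" { found = 1 }
        END { print (found ? "protected" : "editable") }
    '
}

check_grub_legacy() { global_password "title"; }        # menu.lst
check_lilo()        { global_password "image other"; }  # lilo.conf

# Constructed samples (not taken from a real host).
sample_menu_lst() {
    cat <<'EOF'
default 0
timeout 5
# password topsecret
title Debian GNU/Linux
root (hd0,0)
kernel /vmlinuz root=/dev/sda1 ro
EOF
}

sample_lilo_conf() {
    cat <<'EOF'
boot=/dev/sda
password=PLACEHOLDER
restricted
image=/vmlinuz
    label=linux
EOF
}

echo "menu.lst:  $(sample_menu_lst | check_grub_legacy)"
echo "lilo.conf: $(sample_lilo_conf | check_lilo)"
# On a real system (usual default paths, adjust as needed):
#   check_grub_legacy < /boot/grub/menu.lst
#   check_lilo < /etc/lilo.conf
```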

 

Microsoft Technet Subscription

You might be wondering how I can afford all these Microsoft licenses for all the servers? There is one simple way to use it all in a “test” environment for one very small cost; it’s called “Technet”.

For one small cost of ~$400 USD per year (online downloads only) you can enjoy all the Microsoft products at a fraction of the cost of retail, all with valid license keys.

To purchase Microsoft Technet visit the link here or to view their subscriber downloads, click here

IANA Port List

The Internet Assigned Numbers Authority (IANA) is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

The Internet Assigned Numbers Authority (IANA) is a department of ICANN responsible for coordinating some of the key elements that keep the Internet running smoothly. Whilst the Internet is renowned for being a worldwide network free from central coordination, there is a technical need for some key parts of the Internet to be globally coordinated, and this coordination role is undertaken by IANA.

Specifically, IANA allocates and maintains unique codes and numbering systems that are used in the technical standards (“protocols”) that drive the Internet.

There is a great list (kept very up to date) of all the port numbers assigned in the world which can be found here

CBT Nuggets

I cannot rave about this company enough; their online training covers many different topics and goes into great detail.

The core material they cover is as follows:

  • IT Training
    • Cisco
    • Cisco Routing and Switching
    • Cisco Security
    • Cisco VoIP
    • Citrix
    • Cloud
    • CompTIA
    • ITIL
    • Juniper
    • Linux
    • Mac
    • Microsoft
    • Microsoft Messaging
    • Microsoft Systems Management
    • Microsoft Windows
    • Oracle
    • Programming
    • Scripting
    • Security
    • Sharepoint
    • SQL
    • VMWare
    • Web Development
    • Wireless
  • Project Management Training
    • Agile
    • CompTIA
    • Microsoft
    • PMI
  • Office Productivity Training
    • Cloud for End User
    • Database
    • Drawing
    • E-Mail
    • Finance
    • Presentation
    • Security
    • Spreadsheet
    • Web Design
    • Word Processing

You can make video notes online while you play the video, which makes for a nice centralised place to refer to notes.

There is a great “ExamPrep” section; it allows you to test your skills in a certain subject before sitting the actual exam (maybe saving you some $$)! These are based on the “SelfTest” and “Transcender” exam preparations.

You can create playlists; these can be handy for when you need to complete a certain amount of videos to cover a course. There are also predefined playlists that make it easy to know which videos are required to cover a course.

They also provide free “Micro Nuggets” on YouTube; you can view their channel here

The subscription is well worth it, $999 USD per year for an individual 1 user license.

Install phpLDAPadmin on Debian Squeeze

This tutorial will show you how you can set up LDAP and a web interface to manage the LDAP (Active Directory) server on Debian (Squeeze).

phpLDAPadmin url: http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page

Screenshots of phpLDAPadmin: http://sourceforge.net/projects/phpldapadmin/

Server name: ldap.example.com
Domain name: example.com
Server IP: 192.168.0.2

Run commands without the “#” for them to work!

  1. Make sure the server is up to date (configure correct sources before updating)
    1. # apt-get update
    2. # apt-get upgrade
  2. Install slapd and create a password for the administrator
    1. # apt-get install slapd
      1. When prompted, enter a password for the administrator of the LDAP server, I choose the password “passw0rd” in this example
  3. Install ldap-utils and phpLDAPadmin
    1. # apt-get install ldap-utils phpldapadmin
  4. Open /etc/ldap/ldap.conf with an editor such as vi or nano
    1. # vi /etc/ldap/ldap.conf
  5. Uncomment BASE and URI and edit them to match your domain and server
  6. If you want to edit the domain name I recommend running the following command
    1. # dpkg-reconfigure slapd
  7. Select NO and follow the guide, type in your domain, e.g. example.com, and choose the recommended settings
  8. Open /etc/phpldapadmin/config.php and set the following

// Register the LDAP server that phpLDAPadmin should manage
$servers = new Datastore();
$servers->newServer('ldap_pla');
// Display name shown in the web interface
$servers->setValue('server','name','My LDAP Server');
$servers->setValue('server','port',389);
// Base DN and admin bind DN for example.com
$servers->setValue('server','base',array('dc=example,dc=com'));
$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');

If you followed the instructions correctly you will now have phpLDAPadmin, browse to http://yourservernameorip/phpLDAPadmin and log in using the password you specified at step 2.

You should also read this page if you have problems creating POSIX groups + users

http://wiki.debian.org/PhpLdapAdmin