Some Reality for us Infrastructure Peeps or Apps are cool too

Don’t’ you just love double titles?

For many years I have been an infrastructure guy. I really liked how the cables, and processors and Memory and blinking lights worked. Applications were often the necessary evil tolerated so that I can play with cool technology. During my own journey toward learning about the cloud it becomes increasingly important to consider the function of the application. Six years ago me would totally punch me in the face right now. Traitor. J

1 – Don’t get your App messed up in my resource buckets of awesomeness


So the reality check to the Infrastructure geek in me is this: The application teams really think of what you do as the network. That is why when anything is ever wrong it is always “the network’s” fault. What we love to do is getting abstracted more and more. I will still contend that is very important and very hard to do. Whether you are building reference architectures or deploying a converged infrastructure appliance almost no one but us cares. They just want the data to do their jobs. So while we have really great discussions about speeds and feeds, the guy in the picture below just wants the app. From the hypervisor down we need to design with the application in mind or we will risk becoming like that goth dude locked in the server room on IT Crowd.


2 Honey badger don’t care about FCoE

My next post will get into what I have been researching regarding what is out there and hopefully help us (infra. peeps) understand our App/Dev brothers better.

You are probably an Infrastructure person if:

  1. You read this blog.
  2. You work mainly with Virtualization
  3. Storage Admin
  4. Network Admin
  5. You like to make fun of DBA’s


Rescan All Hba’s Where are you?

So I was updating some of my blog posts on the esxcfg-* commands with any changes in ESX 4. I wrote earlier I did not know much about the esxcfg-advcfg command. Since writing that post at the end of 2008, I found Duncan Epping used esxcfg-advcfg in 3.5 to set the option rescan all the Hba’s. I thought this was a great shortcut and decided to try it out in vSphere but:

[[email protected] ~]# esxcfg-advcfg -s 1 /Scsi/ScsiRescanAllHbas
Exception occured: Unable to find option ScsiRescanAllHbas

So I looked through vCenter 4 and did not find the option under Scsi I looked around some in the other Advanced Options and it is no where to be found.

Has this been removed or moved somewhere else? If you know hit me up on twitter @2vcps

Change Service Console IP

Want to change the Service Console IP address from the command line real quick like?

esxcfg-vswif -i [new IP] -n [netmask] [vswif]
example (as root)
esxcfg-vswif -i -n vswif0

Q: How do I know what is my vswif?
A: esxcfg-vswif -l

you can also use esxcfg-vswif -l to verify the ip of your service console.

A good reference is also available here.

The watch command in the Service Console

UPDATE: Eric Siebert wrote an almost identical article here for techtarget. Since I don’t want people to think I just lift ideas from other blogs I would like to credit this article at the top. Although I have been using this procedure for nearly 2 years for snapshots. I would like to say I didn’t see his article before I posted mine. Next time I will do more googling. I try to keep this blog from regurgitating ideas that can be found elsewhere.

Do you ever have to commit gigantic snapshots that the vCenter client times out before it is finished. After the initial panic a while ago I learned the snapshots continue to delete even if the client times out. So how do you know what they are finished?
Answer ssh in the service console and look.

A ‘ls’ of a normal virtual machine:

A ‘ls’ of the vm with a snapshot:

Now a try – watch -n 30 ‘ls -alh’
This will re-run the ls -alh command every 30 seconds.
In action:

Now if you VI Client times out you can leave this window running so you will know the snapshots are gone when the vmdk with the “delta” in the filename are gone.

Notice the additional delta files that appear. When deleting snapshots the vCenter will create a new delta file for changes that occur during the delete of the original delta. Then it deletes this new delta. I know I know an awesome video. I really like playing with Jing though.
The watch command can be used with an linux command you want to repeat over and over and over.

ESX Commands – esxcfg-auth

Following my alphabetical method of learning.

usage: esxcfg-auth [options]

–enablemd5 Enable MD5 password storage
–disablemd5 Disable MD5 password storage
–enableshadow Enable Shadow password storage
–disableshadow Disable Shadow password storage
–enablenis Enable NIS Authentication
–disablenis Disable NIS Authentication
–nisdomain=domain Set the NIS domain
–nisserver=server Set the NIS server
–enableldap Enable LDAP User Management
–disableldap Disable LDAP User Management
–enableldapauth Enable LDAP Authentication
–disableldapauth Disable LDAP Authentication
–ldapserver=server Set the LDAP Server
–ldapbasedn=basedn Set the base DN for the LDAP server
–enableldaptls Enable TLS connections for LDAP
–disableldaptls Disable TLS connections for LDAP
–enablekrb5 Enable Kererbos Authentication
–disablekrb5 Disable Kererbos Authentication
–krb5realm=domain Set the Kerberos Realm
–krb5kdc=server Set the Kebreros Key Distribution Center
Set the Kerberos Admin Server
–enablead Enable Active Directory Authentication
–disablead Disable Active Directory Authentication
–addomain=domain Set the Active Directory Domain
–addc=server Set the Active Directory Domain Controller
–usepamqc=values Enable the pam_passwdqc module
–usecrack=values Enable the pam_cracklib module
–enablecache Enables caching of login credentials
–disablecache Disables caching of login credentials
–passmaxdays=days Set the maximum number of days a password remains valid.
–passmindays=days Set the minimum number of days a password remains valid.
–passwarnage=days Set the number of days a warning is given before a
password expires.
Sets the maximum number of login failures before the
account is locked out, setting to 0 will disable this
-p, –probe Print the settings to the console
-v, –verbose Enable verbose logging
-h, –help show this help message and exit

For more actual usage I would defer to one of the most useful vm blogs around from Scott Lowe. The common usage for most of us daily users would be to enable active directory authentication on the ESX. So your team of admins can get in and do work in certain situations. Now when your team is one (still looking for that other VCP, hopefully he passes the test this week) or two this is not a huge requirement.
Additional authentication requirements can be set here depending on your environments reqs. I would generally let clients know this is available but have not had anyone demand to have the maxfailedlogsin set to 5 or something.