VMware ESXi

I’ve recently been using VMware ESXi 5.5 in anger – with real VMs rather than just testing shell commands. Plus it seems the last couple of versions of VirtualBox can no longer run ESXi as a guest.

Anyway, it’s soooo Windows-centric and vendor-locked it’s unbelievable. I mean you can’t even load a bunch of ISOs on a USB stick and put them in the back of the machine, you have to transfer them using the vSphere client over the network. I’ve not tried scp but I doubt that would work due to the cut-down SSH server and shell. Seems it’s not even called ESXi anymore, it’s vSphere Hypervisor or something.

Also there’s no way to find the physical network interface name/number/ID from the virtual NICs! It seems VMware assumes everyone is either using flat networks with no VLANs/subnets or only uses multiple interfaces for NIC teaming/bonding, and has never needed to know which ethernet cable should go to which switchport and map to which network device in the VM.

The only good point is that the vmware-tools are now in some distros like RHEL so you don’t need to install kernel source, gcc and make to rebuild the kernel modules every time you do an upgrade.

There’s an annoying “feature” with the console – if you click on the console tab in vSphere it shows the console, but if you click the console icon, it then shows another one, and there doesn’t seem to be a way to disconnect the tab one and you get an annoying popup telling you there’s 2 connections all the time!

It still seems a bit flaky regarding screen resizing and networking, and the whole virtual switch thing is a mess as you end up having to define one switch per interface with only that interface in it if you want your guest to have multiple network cards. It seems more like a virtual router to me.

I’ve also installed a CentOS7 virtual machine, but don’t like it much, networking seems very buggy – especially the new interface naming conventions described here, and that NetworkManager doesn’t seem to track changes made with ifconfig. Systemd is a pain and I even found that rpcbind can’t be disabled using the systemctl command, you have to symlink rpcbind.service and rpcbind.socket to /dev/null.

I’ve just soldered the pins on my Arduino Pro Mini, and found it’s not well documented – probably because it’s not an official Arduino (it’s kind of based on the Arduino Mini), it’s a SparkFun board that’s been revised and cloned a lot. I finally figured out the pinout for uploading using a CP2102 – it’s RX-RX, TX-TX, GND-GND, 5V-VCC, DTR-DTR and don’t connect the reset pins or use resistors or capacitors as some sites say.

The Makefile for the 5V 16MHz ATmega328p board is:

BOARD_TAG    = pro5v328
MONITOR_PORT = /dev/ttyUSB0
include /usr/share/arduino/Arduino.mk

Rather annoyingly I’d soldered the rear analogue headers on before I realised that it wouldn’t fit a breadboard anymore, so I’ve removed them again and may put right-angled headers on at some point. I much prefer the Nano or even Pro Micro.

I just compiled XBMC 14a4 from git and pretty much nothing seems to have changed from 13.2 other than the Kodi name. Had to disable the Google Test Framework to get it to build as it’s now enabled by default.

I also upgraded the blog to WordPress 4.0

Upgrading RHEL5

I’ve been upgrading my CentOS 5.4 VMs to 5.5 today, it all went well with both 32 and 64-bit builds. Just do:

su -
yum clean all
yum update yum rpm glibc python
yum -y update
reboot

Encrypted Backups 2: The Revenge

I just got an RMA code from ebuyer for my two 1Tb hard disks, so I decided I’d better nuke and encrypt my not-quite-dead-yet drive so when I send it back, they have no way to recover the data (e.g. read my emails/banking!). The totally-dead drive was already encrypted before it died.

The commands are slightly different on Fedora10 than Ubuntu9 so not entirely the same as this post, plus I’m only using a passphrase not a key. It went something like this:

1. Fill the disk with random data to make sure the unencrypted data is overwritten:

dd if=/dev/urandom of=/dev/sdb

2. Create a new partition table:

fdisk /dev/sdb

3. Encrypt the new partition:

cryptsetup luksFormat /dev/sdb1

4. Open the encrypted partition, this also creates a device mapping:

cryptsetup luksOpen /dev/sdb1 data

5. Create a filesystem on the partition, give it a disk label:

mkfs.jfs -L data /dev/mapper/data

6. Update /etc/crypttab – if you use the same passphrase as the root volume, Fedora will automatically open all LUKS containers that match that passphrase at boot. To find the UUID look in /dev/disk/by-uuid/:

data UUID=123d1c3d-4b5b-4fed-b6a1-c1bbd45bb22b none

7. Update /etc/fstab, so the filesystem gets mounted at boot:

/dev/mapper/data /mnt/data jfs defaults 1 2
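
A check to run once the steps above are done and before the drive is posted, as an added example that is not part of the original post. It samples the whole disk for blocks that still compress (random fill and LUKS ciphertext do not) and tests for the LUKS magic bytes, which sit at the start of the partition (/dev/sdb1), not of the disk. The function names and the sample image are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): read-only checks to run on a
# wiped, LUKS-formatted disk or image file before it is shipped.
BS=4096

# Size in bytes: blockdev for real devices, wc for image files.
dev_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# True if the first 6 bytes are the LUKS magic: "LUKS" 0xBA 0xBE.
has_luks_header() {
    magic=$(dd if="$1" bs=1 count=6 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Print how many of N evenly spaced 4 KiB blocks shrink under gzip.
# /dev/urandom output and LUKS ciphertext do not compress, so any hit is a
# region the wipe missed. Heuristic only: leftovers that were already
# compressed (JPEG, zip) would not be flagged.
count_compressible_blocks() {
    dev=$1; samples=$2; hits=0; i=0
    total=$(( $(dev_size "$dev") / BS ))
    while [ "$i" -lt "$samples" ]; do
        blk=$(( i * total / samples ))
        packed=$(dd if="$dev" bs=$BS skip="$blk" count=1 2>/dev/null | gzip -c | wc -c)
        if [ "$packed" -lt "$BS" ]; then hits=$((hits + 1)); fi
        i=$((i + 1))
    done
    echo "$hits"
}

# Constructed sample: 64 blocks, LUKS magic at offset 0, second half left as
# repetitive plaintext to imitate a dd that was interrupted halfway.
make_sample_image() {
    head -c $((32 * BS)) /dev/urandom > "$1"
    yes 'Subject: bank statement' | head -c $((32 * BS)) >> "$1"
    printf '\114\125\113\123\272\276' | dd of="$1" conv=notrunc 2>/dev/null
}

if [ -n "${1:-}" ]; then          # e.g. ./check.sh /dev/sdb 4096
    has_luks_header "$1" && echo "LUKS header at start of $1"
    echo "compressible sample blocks: $(count_compressible_blocks "$1" "${2:-1024}")"
fi
```

A result of 0 compressible blocks is what a completed dd from /dev/urandom should give; anything higher means part of the disk was never overwritten.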

I’m now rsyncing the data back onto the drive from the fileserver, 500Gb is going to take some time even over gigabit…..

I’ve also updated this blog to WordPress 2.8.5.

I’ve downloaded CentOS 5.4 ISOs and am currently upgrading one of my Virtual Machines from 5.3.

New fileserver

I’m thinking of moving my fileserver from CentOS 5.2 to something more up-to-date. Partially due to 5.3 being pretty late, but also because the NIC bonding seems to be flaky due to the old kernel I guess.

The main requirements that have to be met by a replacement distro are:

1. Must be able to run PIPS for my Epson Stylus Photo RX425;
2. Must be able to run iscan for above scanner, which also requires a graphical display (Xorg);
3. Must be able to run NFSv4;
4. Must be able to do NIC bonding;
5. Must be able to mount JFS drives;
6. Must be supported for free for longer than a year;
7. Must be reasonably up-to-date, i.e. kernel 2.6.24 or later.

I can’t use Ubuntu Server as it has no X11, I can’t use OpenSolaris as it won’t work with the printer/scanner, I can’t use Fedora10 as it’ll need updating in six months.

So far I think it’s down to Debian Lenny or Ubuntu 8.04.2 LTS Desktop edition.

I’ll probably setup my Pentium4 as a new fileserver in parallel with the existing AthlonXP fileserver for zero downtime.

I’ve already got iscan and PIPS working in an Ubuntu VM, I converted the Fedora RPM to a .deb file using alien, with instructions from here, screenshot.

I got NFSv4 set up in the Ubuntu VM using instructions from here, which I wish I had when I was setting it up on CentOS as it would have saved me a lot of going through poor documentation.

Update: just got NIC bonding working on the Ubuntu VM using these instructions. If I disable eth0 in VirtualBox, my SSH session stays open using the bonded eth1. I also got rid of Avahi (zeroconf) and NetworkManager.

iptables is a bit different on Ubuntu to RedHat, there’s no automatic startup of your firewall rules! I got it working within the ifup scripts using instructions here.

NIC bonding

After my good experience with NIC bonding on Fedora7 I thought I’d implement it on my CentOS 5.2 fileserver. Big mistake.

On top of the built-in 100BaseT NIC, I installed a second gigabit NIC, which was still an r8169 same as the other one, but a different brand card. That of course caused random switching around of the order of the network cards, so bond0 wouldn’t come up. As you can’t put the MAC address in the config file when using bonding, and my motherboard is modern so auto-assigns IRQs, I ended up having to blacklist the forcedeth module to prevent the built-in NIC coming up, leaving just the two gigabit cards.

So got that working. However the traffic coming out of bond0 was absurdly slow, I thought it might be arp caching, so rebooted the router and other desktop machine, no difference. Changed the bond type from round-robin (0) to XOR (2), no difference. Also noticed that if you try to restart the network service or ifdown the bond0, the system hangs. Unplugging one NIC seems to kill the link altogether. Starting to think NIC bonding is not so stable on CentOS…..

Anyway after running iperf and finding that the bonded speed was the same as with just one NIC, I reversed all the settings and removed the network card; noticing that both NICs were very hot to the touch.

So scrub that idea. Very strange though, I wonder if there was some IRQ/DMA weirdness going on with two relatively identical cards, especially with the overheating. I’ve got a feeling that one card was maybe being fed all the traffic bound for the two. I did a quick search and found at least one other person found that bonding on CentOS was very slow, so maybe it’s the old 2.6.18 kernel’s bonding module.

I’m really leaning towards making my Pentium4 (the F7 box) into a new fileserver, maybe wait for CentOS 5.3 to be released or stick Ubuntu Server 8.04.2 LTS/Debian 5.0 on there to get a newer 2.6.24/2.6.26 kernel but retain the 3-year support model. It just seems a waste to have a 3Gb/3GHz machine as a fileserver, although it isn’t doing much right now….

I also used the new Acronis True Image Echo Server to backup the fileserver’s boot drive over the network, then I plugged in an identical 80Gb IDE disk and cloned it to that for good measure. The disk clone took about 8mins, I think the network backup took about 40mins.