2011-04-14

Welcome to my Latest Sponsor - Solarwinds


I would like to thank SolarWinds for joining as a sponsor for my blog.

Welcome aboard!!

If you would like to join as a sponsor please feel free to contact me

2011-04-13

Access ESX Host When Root Login is Disabled

VMware Security best practices are to not allow PermitRootLogin to an ESX host.

Enabling root SSH login on an ESX host.

I could not SSH into a newly provisioned host. The server would not allow root login (rightfully so), and my domain account could not log in either.

This is how I solved the issue.

  1. Logged into the ESX host directly with the vSphere Client.
  2. Created a new user with SSH access to the host.
  3. Logged in to the host and found what the problem was time skew.

    Here is the error from /var/log/secure:

    Jan  9 09:52:36 ilesxdmz1 sshd[18263]: pam_krb5[18263]: authentication fails for 'msaidelk' (msaidelk@maishsk.local): Authentication failure (Clock skew too great)
  4. Fixed the time issue.
  5. Test SSH access with my domain account - Success.
  6. Removed the temporary account.

The full how-to including video - is in the KB above.

And a bit of PowerCLI to create (and remove) the user, instead of having to open up the GUI.

New-VMHostAccount -Server esx1.maishsk.local -Id maish -Password "a:123456" -UserAccount -GrantShellAccess:$true -AssignGroups root

#And remove afterwards

Get-VMHostAccount -Server esx1.maishsk.local -Id maish | Remove-VMHostAccount -confirm:$false

2011-04-12

IBM x3650 M3 Does Not Recognize NICs

I was battling with a piece of IBM hardware last week during the install of a new ESX host.

I had installed a new server, IBM x3650 M3 with 2 Intel Dual Port Server Adapters, and the damn thing would not recognize the cards in the system. I updated to the latest firmware. This was not the first time this model had been installed but up until now now problems had occurred.

After mucking about on the internet and calling support - apparently some of the NICS are not recognized properly in the UEFI settings (see full article for all the details).

Symptom

Upon power up, after the user installs one or more PRO/1000 PT Quad Port Server Adapters, Option 39Y6136, Field Replaceable Unit (replacement part number) 39Y6138, in one or more PCIe slot(s) in a System x Gen2 server, the adapters are not seen by the system.

 

Affected configurations

The system may be any of the following IBM servers:

  • System x3550 M2, Type 4198, any model
  • System x3550 M2, Type 7946, any model
  • System x3550 M3, Type 4254, any model
  • System x3550 M3, Type 7944, any model
  • System x3650 M2, Type 4199, any model
  • System x3650 M2, Type 7947, any model
  • System x3650 M3, Type 4255, any model
  • System x3650 M3, Type 7945, any model
  • System x3850 X5, Type 7145, any model
  • System x3850 X5, Type 7146, any model
  • System x3950 X5, Type 7145, any model

Workaround

In the UEFI, change the setting for the PCIe slot(s) from "Gen2" to "Gen1" as follows:

To set the system PCIe bus/slots to Gen1 mode in the system UEFI:

1. In UEFI, go to Devices and I/O Ports and select Gen1.
2. Save the new setting and reboot the system.

The adapter(s) should now work fine with the system PCIe bus/slots set to Gen1 mode.

This is really stupid and ridiculous it should just work!!

Posted here so I do not have to look for it again, and perhaps is useful for you as well.

VMware vExpert 2011 Applications Are Now Open

John Troyer has just announced that the applications for the vExpert 2011 Program is now open.

vExperts are the bloggers, the book authors, the VMUG leaders, the tool builders and town criers, the tinkerers and speakers and thinkers who are moving us all forward as an IT industry.

A vExpert imageshould demonstrate knowledge about VMware solutions and their benefits, and how they fit into the overall IT landscape. A vExpert designation is not a technical certification of any kind, although they are often very articulate and knowledgeable about virtualization and IT topics, both technical and non-technical. It should not be confused with a VCDX (VMware Certified Design Expert).

So there are a few things that are different this year, so please go over to the original announcement and read the details

I can say it was well worth while being awarded the honor last year, be it the early access to different programs, and other small freebies (and no, John would not give us a personalized iPad!!)

Information Forms will be accepted until midnight PST Friday, May 6, 2011. vExpert recipients will be notified within the following two weeks.

2011-04-10

Installing the UBER VNX (NFS) v1 - 1st Steps

Ever since EMC released the the VNX I have been itching to get my hands on a simulator to try it out. Now seeing that Chad and Nick are not ones to leave us hanging for long, I started to ask for it straight after the launch. I was told that it would be out, in the not too distance future.

Yesterday, I saw that Nick Weaver had done it again

Just some things to note:

  • NFS/CIFS only (at the moment)
  • One datamover only

So here is my installation experience.

Download links can be found on Nick's post.

I will not go into how you import that into your ESX host - that should be pretty straight forward by now.

The appliance comes configured by default with:

  • 1vCPU
  • 2GB RAM
  • 1 40GB IDE Hard disk
  • 3 e1000 NICs

VNX settings

Thin provisioned this takes up 6.5 GB of disk space.

Resource Usage

So let us Power on the appliance.

Boot_1

So first thing you will be asked to enter an IP for management for the device.
This will be the eth0 (Network Adapter 1)

Enter the following info:

  • IP Address
  • Subnet Mask
  • Default Gateway
  • Hostname
  • Domain Suffix
  • DNS server
  • NTP server

IP Settings 1
IP Settings 2

A quick reboot and hup - Bob's your uncle, and for a simple setup you are all set to continue with the Web interface.

Bob's your uncle

Default credentials are: nasadmin/nasadmin and here you have it

Login_1

Now forget for a minute the error messages that are present - this is because of no access to the NTP servers.

You can see the new Unisphere interface

Interface_1
Interface_2
Interface_3

Let us go and create some NFS storage that we can use.

Create Filesystem

Wizard

New_FS_1New_FS_2
New_FS_3New_FS_4
New_FS_5New_FS_6New_FS_7

And now we have a new filesystem,

Filesystem Complete

Next we create a network interface that will serve as NFS for this filesystem.

New Network

Network Wizard

This device will use interface cge0 (Network Adapter 2) which in my specific case is not on the same network as the management network but - 192.168.166.x

Network Wizard_1Network Wizard_2Network Wizard_3Network Wizard_4Network Wizard_5Network Wizard_6Network Wizard_7

And we now have a new interface on the network.

Network Complete

Now to export the storage to the correct subnet.

Create Export

Just add in the correct values.

Export Wizard

And Done.

Export Complete

Now to connect the ESX Hosts to the storage:

Get-VMHost esx*.maishsk.local  | % {
New-Datastore -vmhost $_ -Name nfs_1 -Nfs -NfsHost 192.168.166.5 -Path /nfs_1 -Confirm:$false
}

And we now have two Hosts connected to the shared storage.

ESX Connected 1ESX Connected 2

I have to confess, to actually perform the procedure took less than 8 minutes (really) from power on till I had shared storage that I could access from an ESX host. The screenshots took over an hour.

My take on this as compared to the UBER VSA. The GUI is much more user friendly. I have not gone into how the snapshots and Data Protection work and how they are configured, but that will come.

Again my hats off to the EMC Crew for providing us a tool that is fully functional and working that allows us to get a fell of the new products and their features before actually buying the product.

The usual word of warning though.. This is not supported by EMC.
Support is through the Everything VMware at EMC community only.

Happy Uber'ing…

p.s. My apologies for not being so active lately - too much going on….