Monday, December 23, 2013

The Trough Of Disillusionment


After eleven days with Glass I've decided to return it. It is very useful for someone living in a major metropolitan area but that's just not me.

Better In The City

I live in the suburbs on a mostly wooded lot with nothing around me and work in another suburb. In the past eleven days I've been in the city, Providence, a few times. While in the city I saw Field Trip pop up with some cool facts about surrounding buildings. Glass also showed me a movie that was playing in the theater next to where I was eating dinner, a concert at a music venue down the street, and restaurants in the area. All very targeted, local stuff pulling from a variety of sources.

Concerns About Glass

Some of my activities that I might record/share, like hiking or working on the plow truck, I'm worried would damage Glass. While cooking with Glass I was worried about grease splatter and how to clean it up.  The one thing Glass doesn't do is display my calendar; not sure if a bug, feature or misconfiguration on my part.

What To Do With Glass

I created some IFTTT recipes to push data to Glass but mostly minor stuff, like weather alerts. The handsfree is really nice, especially for navigation, and that's the main feature of Glass. I took lots of photos and videos to share with family and friends, recorded a recipe, made phone calls, sent messages and did video Hangouts.  While I was cooking I found the camera's angle to be a bit awkward but having my hands free was great.

Throughout the day I had many small interactions via email, SMS, Twitter, all through Glass. It was convenient to reply quickly and not change my main focus. Only important email came directly to Glass and wasn't distracting.

I've thought of ways to use Glass, let other people try Glass, bought contact lenses just to wear Glass and worn Glass every single day for eleven days, taking it off only to sleep and charge.

It Really Is All About Money

For me personally, $1,500 is nearly 1/3rd of a family summer vacation. I would gladly accept Glass if someone bought me one or if Google gave it away. Glass is awesome technology but for me personally it's not $1,500 awesome. Google will probably compensate Glass Explorers in some way for the $1,500 price tag.  There will probably be one or two more swap outs or some other perk.  Unfortunately Google guarantees nothing.

Bottom line: Get Glass if you have $1,500 of disposable income and want to treat yourself to some cool technology.

Thursday, December 12, 2013

Google Glass, First Thoughts


"I got the invite. OMG."

That sums up my first thought about Glass. Then came the sticker shock, the despair, the discussion with my wife, the angst, rapid discussion with many friends and finally, the purchase. If you want to read about what it's like just skip the next couple paragraphs.

Deciding To Buy Glass


I've always been fascinated with new technology and not just hardware. I signed up for Google Apps close to when it first went beta and the Chromebook beta. I turned on every experimental feature in Google Apps. I especially liked the ones that came with warnings, "This may break things. Use this escape URL if you can't get back in to Gmail." When Glass came along it was just a matter of time before I signed up.

After the invite I couldn't believe the price. At $1,500 this is the upper bounds of my discretionary spending. Before buying I thought about how I use it and how it would make my life any easier. I'm still thinking about it and I'm not sure the price is worth it.

Seeing the price for the first time was like a bucket of cold water thrown at me, it really tempered my enthusiasm to purchase Glass. My wife was not amused at this latest whim of mine. We could really use a lot of things (like a vacation) and Glass is not in her mind.

I was really torn whether I should buy it. On the one hand I love trying out new stuff but it's always been free or cheap.  This was (still is) an inner conflict between what I was willing to pay and new technology.

I talked to lots of people about it; family, friends, co-workers. Everything revolved around price. A typical conversation would run something like this:
Me: "I got invited to buy Google Glass"
Friend: "Really? Cool! Do it!"
Me: "It's $1,500"
Friend: "Oh. :("

I had seven days to purchase when I got the invite and it took four days to decide.

So What's It Like?

It's like nothing I've ever tried. I'm still not sure what to do with it. Take pictures, share them on Twitter or with my G+ Circles. That's OK but I'd like to do more. I'm a huge Evernote user and I use IFTTT so I'm eager to check out the apps for Glass.

It has made human interaction more awkward. "You're not looking at me", says my wife, while talking to her. Get a message from wife while at dinner, fumble with Glass to read it. Keep nodding head to shut the screen off and I have no idea what I look like doing that.

I was worried people would "self censor", that in the face of a device that can record everything you say and do without much notice people would act a bit differently but I haven't run into that yet.

I'm still not sure what to make of it. I thought writing about it would help but I still haven't decided: is this going to improve my life or is it just a toy?

Monday, December 9, 2013

Extracting Inventory From HP C7000

Problem

I was recently tasked with obtaining an inventory report off our HP C7000 chassis. Warranty renewal time was here and the VAR needed our equipment's serial numbers to generate a quote from HP. Perform a quick Google for this problem and you'll see there is no "easy button". HP does not have an out of the box inventory reporting tool for the C7000.  My solution uses the "show all" command, several regular expressions and the lovely Notepad++ to generate a list of equipment and serial numbers.

Obtain HP Inventory Information

First grab the inventory using the "show all" command.  HP's documentation provides several ways to do this. I chose to grab the "show all" report from the Onboard Administrator WebUI. The report can be 10 - 20,000 lines long so be patient and let the page load completely.  Copy and paste the report into Notepad++.

Mark Equipment Types With Serial Numbers

You can copy and paste reports from multiple chassis into Notepad++. Once you have all your inventory reports run the following Search/Replace. Set your "Search Mode" to "Regular expression".  Find each of the following and replace.

Find what:
^.*(Onboard Administrator [1-2].*)\r\n.*\r\n.*\r\n.*(Serial.*\r\n)
^.*(Interconnect [0-9]).*\r\n.*\r\n.*\r\n.*(Serial.*\r\n)
^.*(Power Supply.*[0-9].*)\r\n.*\r\n.*(Serial.*\r\n)
^.*(Enclosure Type.*)\r\n.*\r\n.*(Serial.*\r\n)
^.*(Blade #[0-9].*)\r\n.*(Serial.*\r\n)
^.*(Fibre Channel.*)\r\n.*\r\n.*\r\n.*\r\n.*\r\n.*\r\n.*\r\n.*\r\n.*(Serial.*\r\n)

Replace with:
INVENTORY \1 \2

This will find the equipment and add "INVENTORY" to all the lines we want to extract. I used the "Mark" feature to extract the inventory report from the remaining text. In the Search/Replace window select the "Mark" tab, check "Bookmark line" and set "Search Mode" to "Regular expression". Set "Find what:" to "^INVENTORY".

Extract Marked Text

All of the lines we want are now "Bookmarked". To remove the extraneous text select "Search" -> "Bookmarks" -> "Remove Unmarked Lines". The resulting text should look like this:
INVENTORY Enclosure Type: BladeSystem c7000 Enclosure G2 Serial Number: yourSerialNumber
INVENTORY Onboard Administrator 1 Serial Number: yourSerialNumber
INVENTORY Interconnect 1 Serial Number: yourSerialNumber
INVENTORY Power Supply  1 Serial Number: yourSerialNumber
INVENTORY Blade #1 Information: Serial Number: yourSerialNumber

Lastly, clean up the report so we can send it via email. Run a Search/Replace for "^INVENTORY " and replace with nothing. This is a suitable report that can be sent to a VAR or for inventory purposes.
Enclosure Type: BladeSystem c7000 Enclosure G2 Serial Number: yourSerialNumber
Onboard Administrator 1 Serial Number: yourSerialNumber
Interconnect 1 Serial Number: yourSerialNumber
Power Supply  1 Serial Number: yourSerialNumber
Blade #1 Information: Serial Number: yourSerialNumber

Summary

You can inventory your C7000 in a nicely formatted report suitable for import into a spreadsheet or email even though HP does not have an out of the box solution. The regular expressions could be altered to include model numbers or add commas to make spreadsheet import easier. I even see a potential way to automate this via a shell script on Linux.
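
One way to automate the extraction described above, as an added example that is not the author's script: instead of matching a fixed number of lines, it remembers the last equipment header and accepts a "Serial Number" line only within the line window implied by the Notepad++ expressions, so an empty bay cannot pick up another device's serial. The function names and the sample report are constructed for illustration; real "show all" output may be laid out differently.

```python
import csv
import io
import re

# (header pattern, how many lines after the header the serial may appear).
# The windows are the line offsets encoded in the Notepad++ expressions above.
COMPONENTS = [
    (re.compile(r"Enclosure Type.*"), 2),
    (re.compile(r"Onboard Administrator [1-2].*"), 3),
    (re.compile(r"Interconnect [0-9]+"), 3),
    (re.compile(r"Power Supply.*[0-9].*"), 2),
    (re.compile(r"Blade #[0-9].*"), 1),
    (re.compile(r"Fibre Channel.*"), 8),
]
SERIAL = re.compile(r"Serial Number:\s*(\S+)")


def match_header(line):
    """Return (component name, window) if the line starts an equipment block."""
    for pattern, window in COMPONENTS:
        m = pattern.search(line)
        if m:
            # Collapse runs of spaces such as "Power Supply  1".
            return " ".join(m.group(0).split()), window
    return None


def extract_inventory(report):
    """Return [(component, serial), ...] from pasted 'show all' text."""
    items = []
    current = None  # (component name, lines left in which a serial may appear)
    for raw in report.splitlines():  # splitlines() also handles \r\n
        line = raw.strip()
        header = match_header(line)
        if header:
            current = header
            continue
        if current is None:
            continue
        name, remaining = current
        m = SERIAL.search(line)
        if m:
            items.append((name, m.group(1)))
            current = None
        elif remaining <= 1:
            current = None  # window exhausted: this component has no serial
        else:
            current = (name, remaining - 1)
    return items


def to_csv(items):
    """Render the inventory as CSV for spreadsheet import or email."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["Component", "Serial Number"])
    writer.writerows(items)
    return buf.getvalue()


# Constructed sample, not real chassis output; serials are placeholders.
SAMPLE_REPORT = "\r\n".join([
    "Enclosure Type: BladeSystem c7000 Enclosure G2",
    "Part Number: PART-PLACEHOLDER",
    "Serial Number: ENCSERIAL01",
    "Onboard Administrator 1 Information:",
    "  Product Name: placeholder",
    "  Part Number: PART-PLACEHOLDER",
    "  Serial Number: OASERIAL01",
    "Blade #1 Information:",
    "  Serial Number: BLDSERIAL01",
    "Blade #2 Information:",
    "  Status: Bay empty",
    "  Firmware Version: placeholder",
    "  Serial Number: MEZZSERIAL99",  # outside the Blade window, ignored
    "Power Supply  1",
    "  Status: OK",
    "  Serial Number: PSUSERIAL01",
])

if __name__ == "__main__":
    print(to_csv(extract_inventory(SAMPLE_REPORT)), end="")
```

Reports from several chassis can be concatenated into one input, as with the Notepad++ method.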

Tuesday, July 16, 2013

Local ThinPrint Printer & Non-persistent VMware View Desktops aka (Thin)Printer Hell

Quick thanks to the Oatmeal for reminding me why printers were sent from Hell to make us all miserable.

Had an unusual request at work. End user using View is located in an office where we do not own the network. The printers and end points are not ours to control. This makes it interesting when dealing with printers and non-persistent desktops.

This particular case involved the following:
  • End User uses a Windows client to connect to View.
  • The local printer installed on the Windows client is a network printer.
  • The local printer is installed in the virtual desktop via the Virtual Printing method as defined by VMware.
  • End User is assigned a non-persistent, floating desktop pool. Desktops refresh after log off.
The Problem:
The printer is not set as default and the user must change it to the default every time they log in.

We use Liquidware Labs to manage profiles and I wondered why it wasn't capturing this particular setting.  I opened a case with them to investigate.  While I waited I decided to read the Thin Print manual for fun and see if I could utilize our ThinPrint GPO to resolve the issue.

VMware's documentation on the ThinPrint GPO really isn't detailed enough. You can find hints of what to do here and here.  However the documentation is still sorely lacking and you need community resources like this to really find out how to use the Group Policy Object, especially for location based printing.

In the ThinPrint GPO the last column is "IP Port/ThinPrint Port" but the documentation never explains what the "ThinPrint Port" is. On page 24 of the Thin Print manual is documentation that describes the ThinPrint Port and how the name is determined.
Using this information and information from the virtual machine the end user was connected to I drafted a configuration for the GPO. Below is the configuration after I exported it to a CSV.
DefaultPrinter,IPRange,ClientName,MACAddress,UserGroup,PrinterName,Destination
true,*,*,*,mydomain\username,hplaser,"TP Output Gateway!hplaser#:3"

I tested this while I was logged in as the end user. I removed all printers created by ThinPrint AutoConnect Service, refreshed group policy and then restarted the ThinPrint AutoConnect Service. It appeared to work OK. For the final test I logged the user out of their desktop and asked them to log in again. Since they are assigned to a non-persistent, floating desktop pool they received a new desktop.  The printer was set as default after login.

Saturday, June 1, 2013

Build a basic Windows Server 2008 R2 VM, VMware

Far too often I was rebuilding Windows servers. I decided to take advantage of the templating feature within VMware. To start I needed a basic Windows server.

The Windows Server 2008 R2 Template is a basic Windows server with NIC and disk optimizations for VMware. There are no changes to the local policy. Windows Update is run several times and all updates are installed. The instructions call for CCleaner to be installed to clean up Windows Updates.

This is an essential tool in the toolbox for now but with the adoption of Server 2012 I feel it will be deprecated within a couple years.

Care For Your Tools

It was the day my desktop at work had blown up. I was running a persistent virtual desktop and somehow I borked Windows; the OS was dead. I had all my vSphere and Windows administration tools installed on it and like a well worn tool I knew the strong and soft spots.

That was the day I realized I had no equivalent to a carpenter's toolbox. Although my tools are strikingly different from the carpenter's toolbox the same care and feeding needs to be performed to keep my tools sharp and available for use.

My first tool was a vSphere management station.  Loaded up with the most awesome management tools and only used for vSphere management with no corporate crapware (Outlook) to slow it down.  I documented the build process and keep it up to date.

Like a good carpenter you should keep track of your tools, hone them, and retool them. I've started to blog about each tool I use, starting with "vmtools", a vSphere management tool. Using IFTTT, each blog post tagged with "ITtoolbox" is saved to a spreadsheet.  The spreadsheet is now my virtual toolbox.

From my virtual toolbox I can see when I added a tool. I can then review the blog post, see if it needs retooling or if I need to remove it all together.  I did some Googling on caring for hand tools and found this toolbox idea translates into a commonsense rule: "a place for everything and everything in its place".  From there, I've compiled a short list of rules for IT tools:

  1. If you can't find what you're looking for or can't get to it quickly then you'll probably reinvent it. Save yourself the trouble and keep a list of tools in a spreadsheet. Even better if you can automate the process using IFTTT.
  2. Keep a few frequently used tools on portable media. Internet access isn't always guaranteed and you never know when you'll need your tools.
  3. Choose quality over quantity. You don't need five different IDEs, just one good one. Find what works best for you. Beta products are great to try but if they don't work well or not at all then they don't belong in the toolbox.
  4. Watch out for "flings" or "beta" products in production environments. Try before you add it to your toolbox. Before you add a tool to your toolbox give it a provisional time period. Kick the tires on it and if it lives up to its name it can stick around.
  5. Don’t use tools of unknown origin. Seems like a no brainer but do a quick Google for a solution to a problem and you'll see plenty of scripts and exe's claiming to solve the problem. Only run these tools if you trust the authors and examine source code when you can.
  6. Right tool for the right job. Holy wars aside, some tools are better than others at certain things. Usually it comes down to Windows vs. Linux for myself. Your mileage may vary depending on your skill set. Some other examples are: Don't run a 32-bit operating system if your tools need more than 4GB of RAM. Don't use a VM if a physical device would be better suited.
  7. Last, but not least, keep your tools in working order. If a piece of software is no longer supported then you may want to reconsider keeping it for security reasons. Operating systems go out of support and need to change. Vendors supporting software packages change with each release. Know what's current and keep your toolbox up to date.

vmtools, a collection of tools used to manage vSphere

This tool's purpose is to manage vSphere. It isn't a single tool but a collection of other tools. I like to think of it as a single tool because I've been able to wrap it up nicely into a single virtual machine running Windows Server 2008 R2. Simply build the VM, install all the components and keep it up to date.

The tools can manage vSphere via the WebGUI or PowerCLI. It contains all the necessary components to write code, explore log files, and capture metrics.

It is based on my Windows Server 2008 R2 template.  Read vmtools build instructions for more information on the software installed in the VM.

Friday, May 3, 2013

vShield 5.1.2 offline bundle for Auto Deploy ESXi hosts

Edit: Since this article was written VMware has come out with a new KB, http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2036701

The Problem

I use VMware Auto Deploy to manage my ESXi hosts. Despite the trouble setting it up I find the major benefits, eliminating configuration and software version drift, to be invaluable. We've started experimenting with vShield Endpoint to deploy a certain antivirus vendor's beta product to replace the traditional antivirus agent on our VDI infrastructure. vShield Endpoint utilizes a management appliance that is used to install the vShield Endpoint software on the ESXi host.

If stateless Auto Deploy is used in an environment the changes will be lost upon reboot of the host.  One would have to use vShield Manager to reinstall the vShield Endpoint software on the host.

I found VMware KB2036701 that describes how to download the following bundles from the vShield Manager:
  • https://<vShield Manager IP>/bin/offline-bundles/VMware-vShield-fastpath-esx5x-5.1.0-766127.zip
  • https://<vShield Manager IP>/bin/offline-bundles/vShield-Endpoint-Mux.zip
We're running vShield Manager 5.1.2 and these URLs don't work.  I tried using the version number from our vShield Manager, 5.1.2-943471, but that didn't work.

Plan B - Search The vShield Manager Filesystem

Searching Google for VMware-vShield-fastpath-esx5x-5.1.2 turned up nothing. I needed the correct filenames for the offline bundles. vShield Manager is a locked down Linux appliance. No browsing the filesystem there. Trying to escape the bootloader and perform the init=/bin/sh trick didn't work. Guess we're booting from ISO and mounting the filesystem from there.

I turned on the vShield Manager VM and booted from a Linux ISO. Once at a shell prompt I was able to mount vShield Manager's filesystem and begin exploring.

The vShield Manager Filesystem

The vShield Manager filesystem looks like this:
I found what I needed on /dev/sda6.

At first I was just looking for the zip files.  Using the find command I found the zip files in the directory /em/components.  That path, /em/components, is the web server root directory which makes any files in it accessible.

After I found the .zip files I figured there might be a VIB depot also available and searched for an index.xml file which would indicate that. You can see two XML files were found, located in different paths: /em/components/zones and epsec.

I was able to add the vShield Endpoint MUX VIB to my image using the depot URL, http://<vShield Manager URL>/epsec/vibs/5.0/index.xml.
For vShield 5.1.2 and Auto Deploy you will want to retrieve the following two zip files and add them to your image:
  1. http://<vShield Manager URL>/offline-bundles/vShield-Endpoint-Mux.zip
  2. http://<vShield Manager URL>/offline-bundles/VMware-vShield-fastpath-esx5x-5.1.2-896234.zip
Alternatively you can add the following two URLs to your Software Depot:
  1. http://<vShield Manager URL>/epsec/vibs/5.0/index.xml
  2. http://<vShield Manager URL>/zones/vibs/5.0/index.xml

Wednesday, March 13, 2013

Installing libvirt on Ubuntu 12.04.2 LTS for ESX

After listening to the vBrownBag podcast on OpenStack I was eager to try out libvirt, a toolkit to manage virtualization. I primarily use Ubuntu and so fired up PuTTY and installed libvirt via Ubuntu's package management tool, aptitude. I was surprised (and dismayed) that Ubuntu's packaged version of libvirt does not support ESX. Upon trying out virsh I was greeted with the error:
error: invalid argument in libvirt was built without the 'esx' driver
I turned to Google and found Launchpad bug 565771 and a reference to the libvirt package listserv. It appears that the Ubuntu package maintainer has declined to include support for the libvirt ESX driver unless someone steps forward to maintain it.

My favorite Linux distribution is Ubuntu for a number of reasons. After using Debian for a number of years Ubuntu's updated packages were a welcome relief. If an updated package was unavailable on Debian the only recourse was to build from source and so I am familiar with make and stow. I encourage you to check out stow if you compile frequently from source. Drawing on this experience I set out to compile libvirt from source on Ubuntu 12.04.2 LTS.

First I needed some pre-requisite development libraries.
aptitude update && aptitude install -y stow libxml2-dev libdevmapper-dev libpciaccess-dev python-dev libnl-dev libcurl4-openssl-dev

I downloaded libvirt to /usr/local/src, untarred the archive and configured the source.
./configure --with-esx --prefix=/usr/local

Next I ran make and make install with one adjustment. Since I am using stow to keep the installation separate I wanted to use the install option "prefix=/usr/local/stow/libvirt".  I am not 100% on the make process but it appeared some libraries needed to be installed and libtool didn't like that I was using the "prefix" option.

I turned to Google once again and found this listserv thread on using stow. It was recommended to use DESTDIR to work around this issue.
make
make install DESTDIR=/usr/local/stow/libvirt


Next I used stow to install the package under /usr/local
cd /usr/local/stow
stow -d /usr/local/stow -t / libvirt


After installing I needed to run ldconfig before using virsh to pick up any new libraries installed.
ldconfig


At this point we're all set to run virsh!
virsh -c esx://host.local?no_verify=1
Enter username for host.local [root]:
Enter root's password for host.local:
Welcome to virsh, the virtualization interactive terminal.
Type:  'help' for help with commands
       'quit' to quit
virsh #

Active Directory server unavailable causes VMware SSO failure

Had an interesting issue today with VMware Single Sign On (SSO) Server where it failed to authenticate connections. I saw the following in the SSO log located at C:\Program Files\VMware\Infrastructure\SSOServer\logs\ssoAdminServer.
[2013-03-13 07:41:49,575 ERROR opID=10d57a6f-20e6-4621-ba44-e90ae7cd8751 pool-31-thread-7  com.vmware.vim.sso.admin.vlsi.PrincipalDiscoveryServiceImpl] Error connecting to the identity source
com.rsa.common.ConnectionException: Error connecting to the identity source
 Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://<REDACTED>:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection <REDACTED>:3269 [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://<REDACTED>:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection <REDACTED>:3269]
 Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldaps://<REDACTED>:3269' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection <REDACTED>:3269
 Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection <REDACTED>:3269
 Caused by: javax.naming.CommunicationException: <REDACTED>:3269 [Root exception is java.net.ConnectException: Connection timed out: connect]
 Caused by: java.net.ConnectException: Connection timed out: connect
What's interesting is that we have two Active Directory servers specified in the SSO configuration, Server-A and Server-B. There were only errors for Server-B in the SSO log. Server-B is currently unavailable while it undergoes an upgrade to Windows Server 2012.

Seeing the errors in the log I restarted the VMware SSO Service. Within a few minutes the service was running and working again. Logins were working again and I could see that Server-A was being used.

Curious, I checked our SSO settings for the domain and confirmed that Server-A was set to "Primary" and Server-B was "Secondary". Why didn't SSO automatically switch to using Server-A if Server-B could not be contacted?

Not sure why Server-A was not automatically used but the log clearly indicated the error and restarting the SSO service worked.

Wednesday, February 20, 2013

vCenter Service Dies, SQL To Blame

Working with VMware occasionally takes me into MSSQL. Most recently I experienced an issue where vCenter 5.1 build 880146 stopped working.  The service was just stopped and restarting the service fixed the problem right away. I was curious as to the root cause so I opened a ticket using the vCenter Support Assistant (best tool ever, go get it).

A quick look at the log showed the following:
2013-02-13T00:24:46.226-05:00 [05212 error 'Default' opID=SWI-106a635e] [VdbStatement::Fetch] SQLError was thrown: "ODBC error: (40001) - [Microsoft][SQL Server Native Client 10.0][SQL Server]Transaction (Process ID 263) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction." is returned when executing SQL statement "SELECT HOST_ID            FROM VPX_VM, VPX_VDEVICE_FILE_BACKING            WHERE VPX_VM.ID = VPX_VDEVICE_FILE_BACKING.VM_ID            AND VPX_VDEVICE_FILE_BACKING.HARD_DEVICE_BACKING_FILE_NAME = ?"

I sent VMware the logs for analysis and the vCenter Support Assistant made this very easy. The VMware support engineer told me this deadlock issue was resolved in 5.1; however, there could have been a problem setting the policy on our database during the upgrade. I verified this by looking at the database properties and noting they were set to off:

ALTER DATABASE [<VCDB>] SET ALLOW_SNAPSHOT_ISOLATION OFF
GO
ALTER DATABASE [<VCDB>] SET READ_COMMITTED_SNAPSHOT OFF
GO

VMware recommended running the following query to set these options to ON.  Note that the option READ_COMMITTED_SNAPSHOT cannot be set while there are active connections to the database.  Therefore we put the database into single user mode temporarily, set the option and then switch it back.
ALTER DATABASE <VCDB> SET ALLOW_SNAPSHOT_ISOLATION ON;
GO
ALTER DATABASE <VCDB> SET SINGLE_USER WITH ROLLBACK IMMEDIATE;
ALTER DATABASE <VCDB> SET READ_COMMITTED_SNAPSHOT ON;
ALTER DATABASE <VCDB> SET MULTI_USER;