the BSD box
.. on Linux
Aug 17th
I came across something interesting while fiddling earlier, after spending about 2 hours building a static release of openssh server that was going to replace dropbear. I’d gotten to a point where I could build an i386 release of the binaries with no random library requirements and sshd would start and listen on a port defined in /etc/ssh/sshd_config. Unfortunately, starting ssh in debug mode allowed me to see numerous glibc errors during connections, which explained why I couldn’t connect. At this point I don’t think there is any real way of replacing dropbear with a complete openssh solution, even when statically linking. Even testing the openssh sftp binary that had been compiled showed that it wasn’t coping with a system call not returning UIDs correctly, meaning that it would report a FATAL error and close continually.
Given openssh wasn’t going to be a replacement, I researched dropbear and whether there was a newer version, perhaps with sftp; unfortunately not. Eventually I came across notes on a blog mentioning that dropbear “supports” openssh sftp. After restoring ESXi back to its default filesystem settings (ssh enabled), it appears that attempting to sftp to ESXi returns the following error.
After compiling a slightly older version of openssh (static) I found a release of sftp-server that, once placed in /sbin on ESXi, allows full usage of sftp (including sshfs mounting); binary below.
Aug 14th
I’ve had numerous occasions where I’ve needed to upload files to the actual file systems on an ESXi system. The only ‘proper’ method is using the abysmal virtual infrastructure client, and working mainly on a Mac means I need to use VMware Fusion for Windows to run the client to connect to the server (overkill). It’s possible to enable ssh access to the server using the tech support menu, which allows access to the underlying hypervisor and its file systems, and therefore it’s possible to scp files to the filesystems; again this is quite slow and overkill due to the encryption being used. Also, due to dropbear being used for the ssh it doesn’t use sftp, which means that you can’t mount the filesystems à la FUSE and sshfs.
I should say at this point, the goal of all this was to allow me to keep all my ISOs on one server and be able to access them from everywhere also, I wanted a PXE server to be able to access the ISOs and loopback mount them and then present the contents via NFS to the installers started by PXE.
So looking around I found some ftp binaries that should work on ESXi. Given that the console access for ESXi is done with busybox, there is no file command to determine what binary type the files are, so I was unaware of what binaries I could run inside ESXi. This all worked fine following the instructions located on the vm-help.com website here; however, a few of the instructions are a little bit incorrect, such as the path to tcpd being incorrect in inetd, but I’ll leave you to fix that. So on the PXE server I used FUSE again and curlftpfs to mount the filesystem, and this revealed a glaring bug as soon as I loopback mounted the first ISO. Unfortunately the problem lies in the fact that curlftpfs will use memory to store the file as it downloads it for access by FUSE, so trying to open a 4GB DVD ISO quickly exhausted my PXE server’s memory and then it became unresponsive, great.
Further research turned up a blog post about some guy trying to use unfs to enable nfs sharing between two ESXi boxes; more specifically, it was mentioned that Linux binaries would work fine in the ESXi service console. One thing that was slightly confusing was that ESXi is x86_64 (64bit), however binaries that you need for the service console have to be 32bit, otherwise you’ll get a confusing error that the binaries can’t be found when you try and run them, due to busybox’s odd handling of errors. I present below the binaries required for nfs in ESXi :-
These are pretty easy to use: scp the file over to ESXi and untar it in /tmp; all that’s left is to place the files in /tmp/sbin into /sbin and the files in /tmp/etc into /etc. The /etc/exports contains one entry to give access to /vmfs/volumes, which means that accessing the nfs share will give you the UUID paths for the disks containing VMs and ISOs. To start the nfs server, start portmap first and then start unfsd, which should be started the following way (unfsd -d &); this is due to unfsd not being able to disconnect from console on start up (something to do with busybox I assume).
One final note is that once another machine connects to the nfs share, portmap will start using 50%-70% cpu and will need stopping and starting for other nfs clients. I’m still looking into this, however having a cron job to restart the process every few minutes should do the job.
Jul 23rd
As a point release I’m not sure why VMware decided to completely change the layout of files on the CD ISO along with changing various system files, however they have. I suppose one change is beneficial as it improves the method for creating a USB stick, which for previous versions of ESXi is documented here. They have also changed console access and ssh access to the hypervisor, which now can be enabled from the orange console screen under TSM (technical support mode) settings.
Writing to a USB stick:
Now the iso contains a simple file called imagedd.bz2 that is found in the root of the iso, which just needs bunzip to decompress it and then dd’ing to a USB stick as documented before.
Password complexity:
At the moment there is nothing about this on the internet so it was a case of going through a few files to find it, but previously /etc/pam.d/common-password contained all of the password complexity requirements as documented on the VMware KB. However now all of the password requirements are located in the file /etc/pam.d/system-auth, so this file will need editing if you don’t want insane password requirements for all users.
Apr 14th
The inevitable HelloWorld application is a staple in learning a programming language, and provides the learner with the feeling of accomplishment as their first program speaks back to them… or something. Either way, this example will present us with a basic framework which we can use to build upon.
To break it down this example consists of,
- Creating a blank project in Xcode
- Using the default Delegate class and adding our own method (interface)
- Linking the GUI to our class
- Adding code to our method (implementation)
- Drinking tea
Apr 13th
As previously mentioned I’ve always been a XEN advocate for the hypervisor sitting on the physical machine, given the ready availability of a paravirtualised kernel for my Linux VMs. However a requirement to get to grips with VMware has led me to deploy ESXi on my systems so that I can have a proper look around at the OS and how it manages virtual machines. I’ve got disks all over the place, however the server I use for all my testing has a set up (and has reached capacity) meaning that I can’t use those disks. I found an old IDE disk that I installed in there, however the fiddling around with the oem.tgz (explained another time) never seemed to work for me at this point. So I picked up a USB key for €8 and decided to do a USB boot with the hypervisor on there.
This is a pretty straightforward task to do and can be accomplished by two methods: either botching the install halfway through or pulling the image from the install CD and doing a raw write to the USB device. I opted for pulling the image from the CD and dd’ing this image onto my USB key by doing the following:
1. Acquire VMware ESXi 4.0 from vmware
2. Mount the CD (in linux by mount -o loop <path to ISO> <mount point>, or double clicking in OSX)
3. Copy install.tgz from the CD and extract in a working location, which should eventually give you a directory structure.
4. bunzip /usr/lib/Vmware/install/VMware-VMvisor-big-164009-x86_64.dd.bz2 (or equivalent file)
5. dd if=<path to .dd file> of=<path to USB device>
6. Change BIOS settings to boot from USB and boot up.
7. Set IP address, download VSphere client and off you go.
Refer to http://www.vm-help.com for any issues
Apr 13th
A Google search for Xcode examples and how-to’s etc. returns a lot of results, however after following a few steps it becomes clear that the older tutorials simply can’t be followed. The newer Xcode (3.2.1 is current) has had its UI changed so much, especially the interface builder, that the majority of instructions no longer apply.
I’m writing up the steps I’m following to learn, so that I can follow them when I have forgotten something (which I frequently do) and so that anyone else can follow them if they wish. I don’t intend to ever go too far with Xcode development, so don’t expect to find a how-to to developing a game or a photoshop alternative.
Apr 12th
On Saturday we broke the cycle of spending the day aimlessly wandering around the centre of Darmstadt window shopping, eating junk food and ending up in the Ratskeller. Instead we went to visit Castle Frankenstein which is located a few kilometres away from Pfungstadt. I had been informed that the only way to this castle was a long walk uphill through a forest, however it appears there is a windy road all the way up to the castle that I’m sure Nick and his car would definitely appreciate.
Getting the tram to the bottom of the path was pretty straight forward, however that pretty much was the limit of the planning for the walk. So after a broken German conversation with a nearby gentleman we were pointed in a direction and told the walk would take 2 to 3 hours (I nearly went straight home at this point). We pressed on walking following random numbers painted on trees and trying to keep sense of direction that our German tour guide had pointed us in.
After walking aimlessly in the direction we assumed was correct we spotted what appeared to be the top of a castle, which still appeared quite a way in the distance. After stumbling through a stables and being attacked by numerous crazy dogs, we started the ascent up the hill again vaguely in the direction of the castle. We managed the walk in one hour and twenty minutes, which beats the time given to us earlier quite respectably and includes fifteen minutes walking in the wrong direction at the top of one of the hills. I enabled the GPS application I have on my iPhone to give us an idea of what we were dealing with ascending/speed/distance etc. This spat out a Google maps file that overlays the over the top route we took, which can be viewed here.
The full Gallery can be found here and if you are bored there is a wikipedia page too.
Apr 11th
This may seem a truly useless idea to a lot of people, however I’ve always found having a ‘lab’ at home capable of building pretty much every system scenario very useful. Dealing daily with VMware ESX servers and VMs in a production environment means that I can never “fiddle” around and get to grips with what’s under the hood or deal with the unsupported or hidden functionality. My Xen server has allowed me to create pretty much every scenario I may need: Oracle RAC clusters, interoperability between various operating systems and various development environments. When I first received the server that I use for my environments my first choice of setup was going to be a VMware ESX setup, however the hardware requirements restrict most installations to a subset of hardware configurations, meaning I couldn’t install it. Originally it would have been impossible to install it under a xen HVM on the basis that the virtualised network adapters are unsupported by ESX, however luckily from 3.4.0 onwards the xen-tools have been updated and allow the use of the e1000/e100 network.
Mar 23rd
Sometimes getting to various servers, especially virtualised systems, can be a nightmare due to various firewall rules restricting the physical machine or just down to the network architecture itself. For this example we’ll use two virtual machines which are located behind nat’d firewalls on two different physical hosts; the firewalls permit SSH access out and that is it.
[PHYS_A [VM_A:5901]] <–/–> [PHYS_B [VM_B]]
VM_A needs to run a VNC Server that will bind to VM_A:5901, however with no access to the firewall etc. there is no way that there can be any port forwarding to this internal VM. We could use IPtables on VM_A and then again use IPtables on PHYS_A to bind 5901 from VM_A’s IP to PHYS_A, however we are still behind a firewall.
To accomplish this sharing, a server running SSH is required; the location of this server is completely irrelevant as long as it’s accessible with a standard user account. This server will be called SSH and both machines can access it through the firewall.
[PHYS_A [VM_A:5901]] <—> [SSH] <—> [PHYS_B [VM_B]]
The next step is to push the port on VM_A to the SSH server using the following command:
[user@VM_A]$ ssh -R5901:127.0.0.1:5901 -C user@SSH
This will open a session that will create the port 5901 on the server SSH, this can be confirmed by running a netstat -a on the server SSH and seeing that 5901 is now listed as a TCP4 listening port.
[PHYS_A [VM_A:5901]] <—> [SSH:5901] <—> [PHYS_B [VM_B]]
The next step is to pull the port on SSH to VM_B where we have the client software (vncviewer). The following command is used to pull the port from an IP address and bind it to a local port in VM_B.
[user@VM_B]$ ssh -L5901:127.0.0.1:5901 -C user@SSH
There will now be the port created on VM_B that tunnels through SSH to VM_A.
[PHYS_A [VM_A:5901]] <—> [SSH:5901] <—> [PHYS_B [VM_B:5901]]
The user on VM_B can now use the service as if it was actually running on the host itself.
[user@VM_B]$ vncviewer localhost:5901
Notes for SSH flags:
-R [port to bind to on remote host] : [local host IP] : [localhost port]
-L [local port to use] : [remote IP] : [remote port]
-C (adds compression)
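As an added example (not part of the original post), the netstat check on the SSH server can also confirm where the forwarded port is bound. With sshd defaults a -R port listens on the relay's loopback only; if the relay has GatewayPorts enabled it listens on all interfaces, and the VNC server on VM_A is then reachable by anyone who can reach the relay. The function name and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify how a forwarded port is
# bound on the relay host. Reads `netstat -ltn` or `ss -ltn` output on stdin.
#   loopback - reachable only from the relay itself (sshd default)
#   exposed  - wildcard/routable bind: the VNC port of VM_A is open to the network
#   absent   - nothing listening, i.e. the -R session is not up
classify_listener() {
    awk -v port="$1" '
        $0 !~ /LISTEN/ { next }              # listening sockets only
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ (":" port "$")) {   # local address field for this port
                    addr = $i
                    sub(":" port "$", "", addr)
                    gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # ss: [::1]
                    found = 1
                    if (addr != "127.0.0.1" && addr != "::1") exposed = 1
                    break
                }
            }
        }
        END {
            if (!found)       print "absent"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample: relay with sshd defaults (GatewayPorts no).
sample_default() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:5901  0.0.0.0:*       LISTEN
tcp6       0      0 ::1:5901        :::*            LISTEN
EOF
}

# Constructed sample: the same forward with GatewayPorts yes on the relay.
sample_gatewayports() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:5901    0.0.0.0:*       LISTEN
tcp6       0      0 :::5901         :::*            LISTEN
EOF
}

sample_default | classify_listener 5901        # on a real relay: netstat -ltn | ...
sample_gatewayports | classify_listener 5901
```

The -L command on VM_B connects to 127.0.0.1:5901 on the relay, so the tunnel works with the loopback-only binding and nothing is gained by exposing the port.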
Mar 19th
VMWare fusion cluster…
For all those people that need a sun cluster on their macbook. This is a small how-to of sorts, I’ll not go into full detail regarding everything as if you can’t manage the simpler steps then I find it unlikely you’ll manage to handle the later tasks of configuring sun cluster.