password aging on vmware esx

i was asked today to look at an issue where backups of our virtual machines on vmware esx had begun to fail. we use vizioncore’s vranger pro for backing up the vm’s and it has a “user account” on each of the servers running vmware esx.

after a quick look, i figured out what happened. password aging was set to require a password change every 90 days. since we don’t ever “interactively” log in to the esx servers with this particular account, however, we didn’t see the warnings.

we currently don’t have a “you must change your password every x days” policy, because we have a policy of using long, complex passphrases. because of this we didn’t want to change those passwords every 90 days per the default.

the fix was to disable password aging for vranger’s account on each of the vmware esx hosts, like this:

# passwd -x 99999 -w 7 -n 0 vranger

(the “-w 7 -n 0” is probably unnecessary, but it keeps this account’s settings consistent with the others.)
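an added example (not part of the original post): a check that would have caught this before the backups failed, by reading shadow-format lines and flagging accounts whose password has expired or will expire soon. the function names, the sample entries and the 14-day window are constructed for illustration.

```shell
#!/bin/sh
# audit_aging TODAY WINDOW  (reads shadow-format lines on stdin)
#   TODAY  = current day as days since 1970-01-01
#   WINDOW = report accounts expiring within this many days
# shadow fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
audit_aging() {
    awk -F: -v today="$1" -v window="$2" '
        # locked or password-less accounts cannot log in with a password
        $2 ~ /^[!*]/ || $2 == "" { next }
        # an empty lastchg/max, or max >= 99999, means aging is effectively off
        $3 == "" || $5 == "" || $5 >= 99999 { print $1 ": aging-disabled"; next }
        {
            left = $3 + $5 - today      # days until the password expires
            if (left < 0)            print $1 ": EXPIRED " (-left) " days ago"
            else if (left <= window) print $1 ": expires in " left " days"
            else                     print $1 ": ok"
        }'
}

# constructed sample data (not real hashes, not from any real host)
sample_shadow() {
cat <<'EOF'
root:$6$constructed$hash:14000:0:99999:7:::
vranger:$6$constructed$hash:13900:0:90:7:::
backup2:$6$constructed$hash:13990:0:90:7:::
nobody:*:13800:0:99999:7:::
EOF
}

# demo run against the sample, with "today" fixed at day 14070
sample_shadow | audit_aging 14070 14

# on a real host (as root), something like:
#   audit_aging "$(( $(date +%s) / 86400 ))" 14 < /etc/shadow
```

run from cron with the output mailed somewhere, this gives the warning that a non-interactive account never sees at login.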

unity on vmware workstation 6.5

christian hammond, a vmware developer, let us know that vmware workstation 6.5 will have “100% more unity”. this isn’t a big deal for me as i’ve been using vmware fusion on the macbook for a few months now, but for my colleagues who haven’t yet “made the switch”, this will be cool for them too.

vmware converter is stupid

i think i’ve mentioned before that i manage a blackberry enterprise server at work. in the nearly two years we’ve been using it, it’s been running on the free vmware server. we first purchased vmware infrastructure last summer and moving the bes v.m. over to esx has never really been a huge priority.

a few days ago, it was decided that we’d go ahead and move it over. a co-worker handles most of the vmware management but i volunteered to take care of this for a few different reasons (which aren’t really relevant).

so this morning, at 2am, i start working to import the bes v.m. off of the vmware server and onto esx. i spent an hour and a half having nothing but problems. i eventually figured out a way to make it work and, as i write this, it’s at 87% completion.

in order to get the import to work, i had to:

  • use vmware converter starter edition (not enterprise edition),
  • import directly to a specific esx server (as opposed to a cluster), and
  • use the credentials for my local account on the esx server (not the credentials i use to access the virtualcenter server — which is tied into active directory).

isn’t that fuckin’ retarded?

it just finished successfully, so it’s time to fire up the “new” v.m. and see how it went. *crosses fingers*

vmware’s vmotion is so damn cool

vmware’s vmotion is fuckin’ awesome, period. i guess i should explain.

at work, we have a pair of hp dl365’s running vmware esx while we’re getting familiar with it. let’s call them “esx-1” and “esx-2”. neither is really considered “production” at this point. esx-1 and esx-2 each have a single gigabit ethernet connection into our core switch. the two ports were each members of one vlan and 802.1q was not being used. we needed to change that.

my co-worker, let’s call him keith, is the guy who handles most of the vmware stuff. i’m the network guy. thursday afternoon, while we were both in the office, he vmotion’d all the virtual machines over to esx-1. he did whatever it was he needed to do on the vmware side so that we could use 802.1q (vlan tagging) on esx-1 and i immediately made the required changes on the core switch. a quick check let us know that everything was good. he vmotion’d a few of the vm’s back over to esx-2 (we like to spread things out a bit).

esx-1 needed a few patches installed, so he eventually vmotion’d everything over to esx-2, put esx-1 in maintenance mode, installed the patches, and moved a few vm’s back to esx-1.

today, we decided we’d go ahead and make the changes so that we could use 802.1q on esx-1. this time, however, keith was at his house, i was at mine, and the esx servers were in the datacenter. no big deal.

i was connected in through an f5 firepass ssl vpn while keith was connected in through a rhel 4 server running ssl-explorer. the rhel server just happens to be in a virtual machine running on the esx machines. again, no big deal.

keith, while connected through ssl-explorer, made the necessary changes to vmware (i have no idea what he actually has to do) and let me know (we were “talking” via our internal jabber server) that he was ready. i was already connected into the core switch so i changed the vlan membership of the port that esx-1 was connected to. verified i could still ping esx-1 and let keith know i was done. he checked and everything looked good.

keith decided to vmotion the ssl-explorer virtual machine back over to esx-1 — remember that this was the server he was going through to vpn into the network. vmotion, of course, is fast as shit. i opened another terminal and started pinging the ssl-explorer server. keith started the vmotion and i was able to identify when the move actually took place — i missed one ping reply.

after that, the ssl-explorer server was back on esx-1, happily doing its job. i got an “i’m still here” instant message from keith and we were good to go.

now how damn cool is that? =)

xen goodness

[root@bl-xen14 ~]# xm list
Name               ID Mem(MiB) VCPUs State   Time(s)
Domain-0           0      440     4 r-----   1834.7
xen_01             1      255     1 -b----    502.3
xen_02             2      255     1 -b----    512.3
xen_03             3      255     1 -b----    508.5
xen_04             4      255     1 -b----    508.6
xen_05             5      255     1 -b----    511.7
xen_06             6      255     1 -b----    513.6
xen_07             7      255     1 -b----    503.7
xen_08             8      255     1 -b----    508.9
xen_09             9      255     1 -b----    511.2
xen_10            10      255     1 -b----    507.7
xen_11            53      255     1 -b----     29.7
xen_12            54      255     1 -b----     32.0
xen_13            55      255     1 -b----     31.3
xen_14            56      255     1 -b----     37.9
xen_15            57      255     1 -b----     26.8
xen_16            60      255     1 -b----     46.5
xen_17            59      255     1 -b----     46.2
xen_18            63      255     1 -b----     38.0
xen_19            65      255     1 -b----     34.8
xen_20            84      255     1 -b----     19.2
xen_21            85      255     1 -b----     20.0
xen_22            71      255     1 -b----     38.6
xen_23            70      255     1 -b----     37.4
xen_24            74      255     1 -b----     41.6
xen_25            73      255     1 -b----     41.3
xen_26            75      255     1 -b----     43.3
xen_27            76      255     1 -b----     43.2
xen_28            86      255     1 -b----     19.4
xen_29            87      255     1 -b----     20.2
xen_30            83      255     1 -b----     26.4

xen++

my bookmarks

prior to getting my new macbook i used firefox exclusively. one of my favorite extensions was foxmarks since i typically use a number of different pc’s each day (between work, home, being on the road, etc.). i was told to try to stick to safari and not install firefox, if possible. i’ve managed to make it almost two weeks now but not having my bookmarks handy has been a bit inconvenient.

for that reason, i’m including here links to a number of sites that i had bookmarked in firefox prior to getting the macbook. they’re primarily for me, but they might be useful to others as well.