Posts tagged operating system
WebSphere have announced WAS hypervisor edition.
You get an OVF package with a ready to use WAS profile running on Linux. The OVF package can be deployed on VMWare ESX/ESXi and IBM’s cludeburst appliance.
Websphere also say that they carried out WAS best-practice tuning for the OS. Not sure how mattering this tuning is considering the generic nature of WAS (different application=different tuning), and the generic drivers that a VM uses.
I wonder how enterprise IT administrators would accept an OS different from what they usually roll with.
important to mention that similar zero-install pre-configured WAS environment are available on the IBM test cloud (in Beta).
The real important message made here by IBM is that the WAS hypervisor edition is only a first bird. Although naked manual WAS installation is not a biggy, IBM products running on WAS are. As the OVF standard matures and virtualization becomes the default production hosting environment, we will be seeing complex WAS based products (say Portal, and Process Server) shipped as ultra consumable OVF packages. Even a complete topology consisting of many servers can be delivered as a single OVF package.
This delivery mode is quite similar to VMWare’s software appliances, only applicable to more than one Hypervisor when packaged as OVF (theoretically).
Bad news to professional services people and install manager software developers.
This post is about NATing an ESX VM, but first, why do I need NAT:
The SIP protocol is not NAT oblivious. To traverse NAT our application has to replace the DNS in the SIP message contact header to the external FQDN that the message receiver will be sending responses to (A NAT with static routing configured).
Therefore I needed to test our software in a NAT topology.
In the past, when we used VMWare player/workstation, it had a build-in NAT network. But, unfortunately, the ESX hypervisor does not provide a NATed network option.
Seeking alternatives at VMWare’s appliance marketplace, I found and downloaded the Vyatta’s community edition (VC5) router appliance (also downladble from sourceforge), and comes under the GPL license.
After 3-4 hours – guided by the official quick start guide - I had a working NAT configuration in the ESX. Hurray!
Overall, not a hard nut to crack , though I wish VMWare will wise up and just add an build-in NAT option to vSphere.
Left to do:
Obtain some static IPs, so the config won’t break each time the vm reboots and the DHCP lease expires.
If you want want to access your NATed VM by RDP/VNC, without setting up extra NAT routing rules, consider adding the VM an additional un-NATed NIC, but when doing so, make sure that the OS routing tables are set to route through the NIC that is NATed.
This short vyatta user installation report also helped me a bit.
Here’s the complete configuration script I ended up feeding to the appliance console (network topology is similar to the one presented in the Vyatta’s getting stated guide):
184.108.40.206 is your department’s DNS server
192.168.1.199 is the VMs NATed private IP address (provided by the DHCP).
The script contains a NAT forward rule for VNC (port 5900)
configure set system host-name vyatta-nat set interfaces ethernet eth0 address dhcp set service ssh set service https commit; save; # restart the appliance to switch from console remote desktop to SSH: #login with user and password configure show interfaces set interfaces ethernet eth1 address 192.168.1.254/24 commit; delete service dhcp-server set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199 set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.254 set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 220.127.116.11 commit; show service dhcp-server set service nat rule 1 source address 192.168.1.0/24 set service nat rule 1 outbound-interface eth0 set service nat rule 1 type masquerade commit; show service nat save; exit show nat rules configure set service nat rule 20 type destination set service nat rule 20 inbound-interface eth0 # use a negative fake address to so that all incoming communication will be nated #set service nat rule 20 destination address !192.168.50.0 #Forward traffic to address 192.168.1.199 set service nat rule 20 inside-address address 192.168.1.199 set service nat rule 20 protocol tcp set service nat rule 20 destination port 5900 commit; save; exit
Avi Ribchinsky, a friend and a college of mien, is transitioning from C++ to the Java world. He had been playing with Thread.sleep(), when he noticed that the sleep method might oversleep more than ordered, and moreover, it could also under sleep (see Fig 1). Coming from the C++ world, that surely caught him surprised
How is sleep implemented in Java anyway?
Avi came asking me if I knew anything about it, I was wondering myself how such a common and important method could be faking in the way shown above. Is it the OS? a Bug in the specific JRE version used? Maybe the API doesn’t guarantee milliseconds precision to begin with?
Thinking about all of these factors, we realized that we don’t really know how the JVM implements the sleep method functionality, my best guess would have been that the process registers itself in the OS for a wake up call, and the OS wakes the process via a software interrupt. OK, time to search the web.
The following article gives a very detailed answer, explaining that sleep is implemented by a thread giving up its OS scheduling quantum back to the scheduler, on the next execution quantum the thread gets, it has the chance to wake up and continue processing, or again continue sleeping.
Therefore, the accuracy resolution of sleep is directly dependent on the process scheduling resolution of the operating system in usage. Since windows XP process scheduling resolution is roughly 10ms, the sleep mechanism, in the Avi’s example, might had preferred to under sleep “a little” rather than oversleeping “a lot”, by waking himself in the current scheduling cycle quantum, rather than in the next, future, quantum.
The article also mentions that the inaccuracies are worsened when a process with a higher scheduling priority, than the sleeping process, is in a runnable state.
I assume that, running on a Hypervisor with course grained process scheduling would also produce greater inaccuracies.
You can’t rely on the millisecond accuracy of the sleep method. Take a before and after time measurament to find the actual time spent sleeping, in order to avoid ever increasing inacurracies.
I have two windows servers that shouldn’t talk to each other. How do I make sure they don’t?
Right, why not use some firewall? well, because I can’t just install any software on these servers, company regulations, and windows’ built-in firewall suck big time (only inbound, have to configure ALL exceptions).
On Linux this is quite a trivial IPTables command. Run the following on server#1:
iptables -I INPUT -s server#2 -j DROP iptables -I OUTPUT -d server#2 -j DROP
Unfortunately there’s nothing like IPTables built into windows.
Driving inspired from the IPTables concept of routing the packets to the trashcan (“
-j drop“), I realized that much same could be implemented on windows by twicking the OS routing table causing it to deliver packets for server#2 to no where.
Here’s my hand tailored, freeware, no software required, windows firewall that sends packets to a vacation in /dev/null:
route ADD 18.104.22.168 MASK 255.255.255.255 22.214.171.124
Server#1 IP is 126.96.36.199
Server#2 IP is 188.8.131.52
184.108.40.206 isn’t assigned to anyone – our /dev/null for the occasion.
If you add the route instruction only to server#1, but not to server#2, then server#2 can still send IP packets to server#1, while this breaks TCP completely, server#2 could still send UDP datagrams to server#1.
Make sure the servers are configured with static IP, otherwise your solution would break over time. In order to make the route persistent across server reboots, add the -p flag.
I just read through most of O’Reilly’s Linux Server Hacks book.
I expected another dull Linux how-to book, which goes over the man/info of the most obvious commands, but instead I found an interesting, original, advanced hardcore book, full of Linux goodies to brag about in front of my colleagues.
Some note worthy items:
- A thought effective usage of SSH, especially as a secure channel for moving bits around the network, between a pair of processes each running on its own host.
- How to reset your root password, without a rescue disk, using the LILO boot loader.
- I didn’t knew about ext2/3 chattr and lsattr before reading the book…
- Periodical rsync runs could save a lot wasted scp time.
- (#44) burning a CD over the network using a pipe – cool
- (#50) setting up a VPN using IPIP tunneling
- (#57) lsof – hey, I’ve been using it for years.
- (#63) loved to learn that the send_arp utility can help me to revoke all of the subnet’s machine (and router?) IP->mac mapping. Handy when setting up a two bits IP fail-over system.
- (#68) ssh-agent – now I know what it is – very useful in the hands of an all mighty admin ruling over hundreds of minions machines.
- (#73) loved the one-liners perl scriptlets.
To conclude, a must have in your bathroom library.
When using the VMWare convertor utility to convert between VmWare player/Workstation/server VM images to an ESX image, if the VM you are converting is Linux you might run into boot problems (“kernel panic” message) due to SCSI drivers problems.
I found a couple of resources about the problem but none fully worked for me, here is my special recipe:
The configuration I used was: RHEL 5.1 VM, and ESX 3.x server.
- Use the converter to load the image to the ESX
- If you will start the converted image on the ESX you will see a kernel panic message
- Go to VMWare infrastructure client -> ESX server -> vm props -> hardware -> SCSI controller -> change from buslogic to LSI Logic
- Load the vm CD-ROM drive with RHEL5 install disk (also serves as a rescue disk)
- Boot the VM from the CD -> when prompted, enter: linux rescue
- The rescue disk should identify the linux partition and mounts it on /mnt/sysimage
- After getting a prompt enter: chroot /mnt/sysimage
- Backup, and then edit /etc/modules.conf, add this line: alias scsi_hostadapter BusLogic
- Backup the current ramdisk file: cp /boot/init-[version].img /boot/init-[version].img.bak
- Rebuild with new module and overwrite existing: mkinitrd -f -v /boot/initrd-[version]-img [version]
- Reboot the OS.
- Boot from the hard drive – The system will start normally
Weird that VMWare do not bother with their official proper documentation.
Kudos to the vmware user community!
Lately, I’ve been crossing paths with too many enterprise-level server products that, once installed, can’t tolerate any change to the local machine’s hostname.
Don’t get me wrong, I’m not spoiled to dare wishing that a hostname change will be handle in run-time, without a restart. I’m not even suggesting that the change would be automatically detected and processed on the next product restart. I much more modest that that, Just having a documented working procedure on how to do that offline would make me a happy man. The current, glum, state of affairs is that some products would have to be completely re-installed if the hostname were to change.
Some of the reasons for changing a machine’s hostname might be:
(1) You want to clone a new server from a, best practiced already installed, server template, each cloned copy should have a unique computer name (very useful in test environments, especially handy when making a vm duplicate of a template virtual machine).
(2) You have an existing server which changed its business role – you plan to install a new application module (EAR), but want to keep the existing middleware infrastructure (JEE AS).
(3) You no longer want the server to be reachable by it’s original name (without making use of DNS administration, and aliases tricks).
(4) You want to implement a new server naming convention in your production environment.
Now Programmers, how hard can it be to live in peace with a dynamic hostname?
(1) If you are sure that the target network resource is the local machine then just use the localhost loopback interface instead of a hostname, when addressing it.
(2) Query the OS when retrieving the machine’s hostname, instead of relying on static, sometimes binary, stale, configuration files.
(3) Keep all application network resources is a centralized configuration repository. Provide an offline API for the admin to access it.
As a side note:
IBM WAS ND 6.X now has, a long awaited, offline API for updating the hostname of a machine.
If you know and care about other products that support or don’t support hostname updates, please place your comment.