Technologist

Tech stuff about Cloud, DevOps, SysAdmin, Virtualization, SAN, Hardware, Scripting, Automation and Development

I have been playing with my Raspberry Pi for a while now, connected to a TV or a monitor. The guide below shows how to connect to its console using a serial cable instead, which allows me to take it on the road and connect to it from my laptop. The serial cable also provides power, so I only need to take my Raspberry Pi and my USB-serial cable (as well as the SD card and WiFi adapter) and I have a complete system on the road.

You will need a usb to serial cable like the: USB to TTL Serial Cable – Debug / Console Cable for Raspberry Pi

I am using my Macbook Air and needed to get the following drivers for my usb-serial cable:
http://prolificusa.com/pl-2303hx-drivers/
OR
http://changux.co/osx-installer-to-pl2303-serial-usb-on-osx-lio

Install the drivers and reboot.
Once you plug in your device, open your terminal and you will see the drivers under /dev

// Driver
$ sudo dmesg | grep -i "PL-2303"
Password:
PL-2303/X V1.5.0 start, Prolific
// Device
$ ls -lrt /dev/tty.usbserial
crw-rw-rw- 1 root wheel 33, 4 Apr 21 15:53 /dev/tty.usbserial

Connect the usb-serial cable to the Raspberry Pi like this:
[Image: raspberry_pi_console_cable]

OK, now that the Raspberry Pi is connected to the usb-serial cable and the cable to the computer, let’s start our terminal.

$ screen /dev/tty.usbserial 115200

You should see the Raspberry Pi starting up and its console messages:
[Image: Raspberry Pi Console]

Now you can log in and start using your Raspberry Pi, like when it was connected to a TV (of course on command line mode).

This guide covers the first steps to get started with the Raspberry Pi. I will be working with the Raspberry Pi Model B (http://www.raspberrypi.org/wp-content/uploads/2011/07/RaspiModelB.png)

OS Config:

The first thing you should do, while waiting for the Raspberry Pi to be shipped, is to burn the OS onto an SD card. When you get an SD card or any piece of hardware or peripheral for the Raspberry Pi, be sure to check http://elinux.org/RPi_VerifiedPeripherals

Download an OS to install on the SD card from http://www.raspberrypi.org/downloads
For this guide I am using Raspbian ‘Wheezy’ – which is based on Debian.

To burn the OS on the SD card, on a Mac:
Insert the SD card and find its device node:

john@mac.local:~/Downloads/raspberry_pi$diskutil list
/dev/disk0
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:      GUID_partition_scheme                        *251.0 GB   disk0
   1:                        EFI                         209.7 MB   disk0s1
   2:          Apple_CoreStorage                         250.1 GB   disk0s2
   3:                 Apple_Boot Recovery HD             650.0 MB   disk0s3
/dev/disk1
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:                  Apple_HFS Macintosh HD           *249.8 GB   disk1
/dev/disk2
   #:                       TYPE NAME                    SIZE       IDENTIFIER
   0:     FDisk_partition_scheme                        *4.0 GB     disk2
   1:                 DOS_FAT_32 NO NAME                 4.0 GB     disk2s1

# Unmount the ‘automatically’ mounted partition (e.g. disk2s1)
john@mac.local:~/Downloads/raspberry_pi$sudo diskutil unmount /dev/disk2s1
Volume NO NAME on disk2s1 unmounted

# Unzip OS img
john@mac.local:~/Downloads/raspberry_pi$unzip 2013-05-25-wheezy-raspbian.zip
Archive:  2013-05-25-wheezy-raspbian.zip
  inflating: 2013-05-25-wheezy-raspbian.img

# Install image into SD card using ‘dd’ - go watch a movie, it takes a while...
john@mac.local:~/Downloads/raspberry_pi$sudo dd bs=1m if=~/Downloads/raspberry_pi/2013-05-25-wheezy-raspbian.img of=/dev/rdisk2
1850+0 records in
1850+0 records out
1939865600 bytes transferred in 107.348874 secs (18070666 bytes/sec)

# Eject the card
john@mac.local:~/Downloads/raspberry_pi$sudo diskutil eject /dev/rdisk2
Password:
Disk /dev/rdisk2 ejected

At this point you should have the OS ready on the SD card. If you will be using a TV with HDMI as the display for your Raspberry Pi, skip the next section (HDMI-VGA Adapter Display + Sound Config); otherwise see that section for how to configure a non-HDMI display.

HDMI-VGA Adapter Display + Sound Config:

The Raspberry Pi conveniently comes with an HDMI port and also an RCA video port, so you can use a TV to display its output. That is great, but I wanted to use my PC monitor (or one I had lying around) to play with my Raspberry Pi.

For those of you who have older monitors and want to use one, know this:
1) If the monitor has an HDMI port, you are all set
2) If the monitor has DVI, you can buy an HDMI to DVI cable
3) If the monitor has VGA, you CANNOT buy an HDMI to VGA cable. This was my situation: I wanted to use a small Dell monitor that only had a VGA port.

So, I needed to buy an HDMI to VGA adapter. There are several out there that look like a regular HDMI to VGA cable and they do indeed work with the Raspberry Pi, but keep in mind that they draw power for the digital-to-analog conversion, and power is a scarce resource on the Raspberry Pi.

I am using the following adapter, which comes with external power, from Amazon:
Generic PC DVD HDMI to VGA & Audio For HDTV CRT Video Converter Box Adapter 1080P New

To be able to use an HDMI-VGA adapter, you will need to edit a config file, most likely on another computer, because the Pi has no working display yet.

Put the SD card in another computer and edit config.txt

# To enable display through the HDMI-VGA adapter:
#disable_overscan=1
disable_overscan=0

# To enable sound through the HDMI-VGA adapter
hdmi_drive=2

*** To test sound once the Raspberry Pi starts up, plug in speakers to the HDMI-VGA adapter, then type:

pi@raspberrypi ~ $ aplay /usr/share/sounds/alsa/Front_Center.wav

Keyboard/Mouse Config:

The Raspberry Pi comes with 2 USB ports, which will be taken by the keyboard and mouse, but I needed another one for the Wifi. So I got the following keyboard which includes a TouchPad, so I don’t need an extra mouse and works perfectly with the Pi and Raspbian:
Smart Touch Mini USB TouchPad Keyboard

Network (WIFI) Config:

On the other USB port I plugged an Edimax EW-7811Un 150 Mbps Wireless 11n Nano Size USB Adapter, which works out of the box with Raspbian. You can use the graphical interface to scan and connect, or edit the config file:

pi@raspberrypi ~ $ cat /etc/network/interfaces
auto lo

iface lo inet loopback
iface eth0 inet dhcp

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

pi@raspberrypi ~ $ sudo cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
	ssid="mywlan"
	psk="strongpassword"
	proto=WPA
	key_mgmt=WPA-PSK
	pairwise=TKIP
	auth_alg=OPEN
}
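
The network block above accepts WPA version 1 with TKIP and keeps the passphrase in clear text. The following is an added example, not part of the original post: a small audit that flags those settings in a wpa_supplicant.conf and shows the same network pinned to WPA2 (proto=RSN, pairwise=CCMP). The function names and both sample files are constructed for illustration, and the all-zero psk is a placeholder for the hex value printed by wpa_passphrase.

```shell
#!/bin/sh
# Added example: flag weak settings in wpa_supplicant network blocks.
# Reads a config from the named file (or stdin), prints "<ssid>: <finding>"
# lines, and returns 1 if anything was flagged, 0 otherwise.
audit_wpa_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # True when the space-separated list contains the exact token.
    function has_token(list, tok,    n, i, parts) {
        n = split(list, parts, /[ \t]+/)
        for (i = 1; i <= n; i++) if (toupper(parts[i]) == tok) return 1
        return 0
    }
    function report(msg) { printf "%s: %s\n", ssid, msg; bad = 1 }
    BEGIN { bad = 0; in_net = 0 }
    /^[ \t]*#/ { next }                       # skip comment lines
    /^[ \t]*network[ \t]*=[ \t]*[{]/ {        # start of a network block
        in_net = 1; ssid = "(no ssid)"; psk = ""
        # wpa_supplicant defaults that apply when a key is omitted
        proto = "WPA RSN"; pairwise = "CCMP TKIP"
        next
    }
    in_net && /^[ \t]*[}]/ {                  # end of block: evaluate it
        if (has_token(proto, "WPA"))
            report("proto allows WPA (v1); pin proto=RSN")
        if (has_token(pairwise, "TKIP"))
            report("pairwise allows TKIP; pin pairwise=CCMP")
        if (psk ~ /^"/)
            report("psk is a plaintext passphrase; store the wpa_passphrase hex PSK")
        in_net = 0; next
    }
    in_net {                                  # key=value line inside a block
        line = trim($0); eq = index(line, "=")
        if (eq == 0) next
        key = trim(substr(line, 1, eq - 1)); val = trim(substr(line, eq + 1))
        if (key == "ssid")          ssid = val
        else if (key == "proto")    proto = val
        else if (key == "pairwise") pairwise = val
        else if (key == "psk")      psk = val
    }
    END { exit bad }
    ' "$@"
}

# Constructed sample 1: the configuration shown in the post.
legacy_conf() {
    cat <<'EOF'
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1

network={
	ssid="mywlan"
	psk="strongpassword"
	proto=WPA
	key_mgmt=WPA-PSK
	pairwise=TKIP
	auth_alg=OPEN
}
EOF
}

# Constructed sample 2: the same network pinned to WPA2 (RSN + CCMP).
# The psk is a placeholder for the 64-hex-digit value from wpa_passphrase.
hardened_conf() {
    cat <<'EOF'
network={
	ssid="mywlan"
	psk=0000000000000000000000000000000000000000000000000000000000000000
	proto=RSN
	key_mgmt=WPA-PSK
	pairwise=CCMP
	auth_alg=OPEN
}
EOF
}

echo "== block from the post =="
legacy_conf | audit_wpa_conf || true
echo "== pinned to WPA2 =="
hardened_conf | audit_wpa_conf && echo "no findings"
```

On the Pi itself the audit can be run as `sudo sh -c '. ./audit.sh; audit_wpa_conf /etc/wpa_supplicant/wpa_supplicant.conf'`, assuming the block is saved as audit.sh.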

Start Up:

After booting your Raspberry Pi you will see a menu. The important things to do are:
1. Expand Filesystem so that the whole SD card is available
2. Change User Password
3. Enable Boot to Desktop – THIS DEPENDS ON WHETHER YOU THINK YOU WILL BE USING THE DESKTOP MOST OF THE TIME; otherwise don't enable it, and know that from the command line you can start the graphical environment by executing ‘startx’
4. Internationalisation Options
I1 Change Locale – Change to en_US.UTF-8
I2 Change Timezone – US/Eastern
I3 Change Keyboard Layout – English (US)

8. Advanced Options
A2 Hostname
A4 SSH – if you need to enable SSH

Select

// If later you want to go back to this menu, from a terminal type: ‘raspi-config’

You will be left at a command prompt; you can type startx and you will be taken to the graphical interface

That is it, you are all set, enjoy your Raspberry Pi

For a while now, I have been playing with the Soekris single-board computers (SBCs). They are compact, low-power, low-cost, advanced communication computers based on an up to 500 MHz 586-class processor. In this particular model 5501, I installed Ubuntu JeOS, and it has been my always-on computer for a while.

Boot the Soekris while connected via serial. I am using my Macbook Air and needed to get the following drivers for my usb-serial cable:
http://prolificusa.com/pl-2303hx-drivers/

Install the drivers and reboot.
Once you plug in your device you will see it under /dev

// Driver
$ sudo dmesg | grep -i "PL-2303"
Password:
PL-2303/X V1.5.0 start, Prolific
// Device
$ ls -lrt /dev/tty.usbserial
crw-rw-rw- 1 root wheel 33, 4 Apr 21 15:53 /dev/tty.usbserial

I had previously configured my Soekris to have a console speed of 57600 (the default baud rate is 19200).

When connecting via console to a device, I usually prefer to use minicom, but you have alternatives:

$ screen /dev/tty.usbserial 57600

But in this case, because I will be using XMODEM to transfer the BIOS image I downloaded from Soekris, I will use ‘cu’

Download the latest BIOS from soekris’ website:
http://soekris.com/downloads.html

Connect to the serial using ‘cu’

$ sudo cu -l /dev/tty.usbserial -s 57600

// It will show you the BIOS version, in this case 1.32
// If the below does not show, it is very likely that you need to set ConMute=Disabled, after pressing Ctrl+P to get to the Menu

...
> set ConMute=Disabled
> reboot
...
comBIOS ver. 1.32 20080626 Copyright (C) 2000-2008 Soekris Engineering.

net5501

0512 Mbyte Memory CPU Geode LX 500 Mhz

Pri Sla WDC WD800BEVT-60ZCT1 LBA Xlt 1024-255-63 78 Gbyte

Slot Vend Dev ClassRev Cmd Stat CL LT HT Base1 Base2 Int
-------------------------------------------------------------------
0:01:2 1022 2082 10100000 0006 0220 08 00 00 A0000000 00000000 10
0:06:0 1106 3053 02000096 0117 0210 08 40 00 0000E101 A0004000 11
0:07:0 1106 3053 02000096 0117 0210 08 40 00 0000E201 A0004100 05
0:08:0 1106 3053 02000096 0117 0210 08 40 00 0000E301 A0004200 09
0:09:0 1106 3053 02000096 0117 0210 08 40 00 0000E401 A0004300 12
0:20:0 1022 2090 06010003 0009 02A0 08 40 80 00006001 00006101
0:20:2 1022 209A 01018001 0005 02A0 08 00 00 00000000 00000000
0:21:0 1022 2094 0C031002 0006 0230 08 00 80 A0005000 00000000 15
0:21:1 1022 2095 0C032002 0006 0230 08 00 00 A0006000 00000000 15

// Enter Ctrl+P to get to the menu

>

// Download the image (on my Mac I downloaded it to /tmp/b5501_133c.bin)
> download -

// Enter/paste ~+lsz -X /tmp/b5501_133c.bin
Start sending file using XMODEM/CRC protocol.
~+lsz -X /tmp/b5501_133c.bin
Sending /tmp/b5501_133c.bin, 784 blocks: Give your local XMODEM receive command now.
Bytes Sent: 100352 BPS:5198

Transfer complete

// Now update the flash with the downloaded image:

> flashupdate
Updating BIOS Flash ,,,,,,,,,,,,,,,,,,,,,,,,,,,,..,,,,.... Done.

// That’s it, now reboot and you will see the new version

> reboot
...
comBIOS ver. 1.33c 20080626 Copyright (C) 2000-2008 Soekris Engineering.

net5501

0512 Mbyte Memory CPU Geode LX 500 Mhz
...

In this guide I will go through the process of upgrading a NetApp cluster’s Data OnTap, RLM, disk and shelf firmware in a non-disruptive manner.

The following process is for a FAS3040 cluster, but it should work on other series.

Environment:
FAS3040 cluster
OS: DOT 8.0.3P2 7-mode
shelves:
– DS14MK2 (both FC and SATA)
– DS4243 (both SAS and SATA)

Information gathering
Do a sysconfig -v and check for the following:

...
System Storage Configuration: Multi-Path HA   /// This tells you that your system is multipathed from a controller to shelf perspective
...
Remote LAN Module           Status: Online
		Part Number:        110-XXXXX
		Revision:           XX
		Serial Number:      XXXXX
		Firmware Version:   4.0       // It is very important to use the latest RLM/SP version (this is your out of band access to the system)
		Mgmt MAC Address:   XXXXXXXXX
		Ethernet Link:      up
		Using DHCP:         no
...
...
                60: NETAPP   X267_HKURO500SSX AB0A 423.1GB (976642092 512B/sect) // Check your disk firmware (AB0A)
                61: NETAPP   X267_HKURO500SSX AB0A 423.1GB (976642092 512B/sect) 
                Shelf 1: AT-FCX  Firmware rev. AT-FCX A: 38  AT-FCX B: 38     // Check your module version: firmware (AT-FCX A: 38) for FC-connected shelves
		Shelf 2: AT-FCX  Firmware rev. AT-FCX A: 38  AT-FCX B: 38
...
...
                11.22: NETAPP   X308_HMARK03TSSM NA01 2538.5GB (5860533168 512B/sect) // Check your disk firmware (NA01)
                11.23: NETAPP   X308_HMARK03TSSM NA01 2538.5GB (5860533168 512B/sect)
		Shelf   0: IOM3  Firmware rev. IOM3 A: 0132 IOM3 B: 0132      // Check your module version: firmware (IOM3 A: 0132) for SAS-connected shelves
		Shelf  10: IOM3  Firmware rev. IOM3 A: 0132 IOM3 B: 0132

...
...

Usually when I perform an upgrade of OnTap, I take the opportunity (or it may be a requirement) to update disk and shelf firmware.
You need to get the disk, shelf and RLM/SP firmware from netapp’s site support.netapp.com

Steps:
1) Upgrade your RLM/SP
Download the latest RLM/SP (4.1) from: https://support.netapp.com/NOW/download/tools/rlm_fw/

Check your RLM/SP version (in this case it is RLM)

toaster> rlm status
	Remote LAN Module           Status: Online
		Part Number:        110-xxx
		Revision:           xx
		Serial Number:      xxxxx
		Firmware Version:   4.0
		Mgmt MAC Address:   xxxxxxxxxxxxx
		Ethernet Link:      up
		Using DHCP:         no
	IPv4 configuration:
		IP Address:         xxxxxxxxx
		Netmask:            xxxxxxxxx
		Gateway:            xxxxxxxxx

Place the RLM_FW.zip on the NetApp controller, under $etc/software, then:

toaster> software list
..
RLM_FW.zip
...

toaster> software install RLM_FW.zip

toaster> priv set advanced

toaster*> rlm update -f

Note: You must enter the -f option.
...The update takes approximately 30 minutes.
...

When the system prompts you to reboot the RLM, enter y to continue.

Verify:

toaster> rlm status
	Remote LAN Module           Status: Online
		Part Number:        110-xxx
		Revision:           xx
		Serial Number:      xxxxx
		Firmware Version:   4.1
		Mgmt MAC Address:   xxxxxxxxxxxxx
		Ethernet Link:      up
		Using DHCP:         no
	IPv4 configuration:
		IP Address:         xxxxxxxxx
		Netmask:            xxxxxxxxx
		Gateway:            xxxxxxxxx

2) Upgrade your disk firmware for all the disks that are outdated (do this the night before the DOT upgrade)
To do the disk FW upgrade in the background, check that the following is enabled:

toaster> options raid.background_disk_fw_update.enable

From the ‘sysconfig -v‘:
11.22: NETAPP X308_HMARK03TSSM NA01 2538.5GB (5860533168 512B/sect)
Disk X308_HMARK03TSSM with firmware NA01 needs to be upgraded to NA04

Download the latest firmware from: http://support.netapp.com/NOW/download/tools/diskfw/
Place the .LOD file under $etc/disk_fw

You will see that the disks start upgrading in the background, non-disruptively

3) Upgrade your shelf firmware (same day as DOT upgrade)

Download the latest firmware from: https://support.netapp.com/NOW/download/tools/diskshelf/
Copy the .SFW file and the .FVF file if present to the $etc/shelf_fw and .AFW and its .FVF file to the $etc/acpp_fw directory.

4) Upgrade OnTap
Download ONTAP from NetApp’s site, in this case 8.1.2
Check its md5 checksum against what NetApp posts on their download page to make sure your image is good.

Since we are doing an NDU (non-disruptive upgrade), please make sure one system can handle your load

sysstat -c 10 -x 3  // Check the CPU to make sure it does not go over 50%
toaster> sysstat -c 10 -x 3
 CPU    NFS   CIFS   HTTP   Total     Net   kB/s    Disk   kB/s    Tape   kB/s  Cache  Cache    CP  CP  Disk   OTHER    FCP  iSCSI     FCP   kB/s   iSCSI   kB/s
                                       in    out    read  write    read  write    age    hit  time  ty  util                            in    out      in    out
  5%      0      0      0      85       0      0     803     11       0      0    26     92%    5%  Tf    7%       0     58      0     283    831       0      0
  4%      0      0      0     101       0      0    1147   3140       0      0    26     94%   17%  :    10%       0    101      0     449    996       0      0
  4%      1      0      0     105       0      0     576     11       0      0    26     87%    0%  -     6%       0    104      0     315    140       0      0
  3%      1      0      0      59       0      0     371      8       0      0    26     91%    0%  -     7%       0     58      0     379    844       0      0
  6%      0      0      0     111       0      0    2383   4595       0      0     1     93%   37%  T    10%       1     83      0     260     28       0      0
  3%      0      0      0      36       0      0     349      8       0      0     1     91%    0%  -     8%       0     36      0     149    902       0      0
  4%      1      0      0      38       0      0     480     11       0      0     1     90%    0%  -    16%       0     37      0     312    853       0      0
  4%      1      0      0      98       0      0     379     11       0      0     1     92%    0%  -     7%       0     70      0     347   1107       0      0
  5%      0      0      0      65       0      0    1483   3224       0      0     1     95%   24%  T    12%       0     65      0     334    897       0      0
  4%      0      0      0      77       0      0     349     11       0      0     1     86%    0%  -     6%       0     77      0     235     33       0      0

On both NetApp controllers:
Download the system files for 8.1.2 (812_q_image.tgz) from the Support Site. Be sure to download the system files that match your node model.
If you are performing a Data ONTAP NDU (or backout), you must perform this step on both nodes before performing the takeover and giveback steps.

Copy 812_q_image.tgz to $etc/software

Make sure that it is there:

toaster> software list
...
812_q_image.tgz
...

Let NetApp know you are starting the NDU upgrade:

toaster> options autosupport.doit "Staring_NDU 8.1.2"

Start the upgrade (-r prevents automatic reboot)

toaster> software update 812_q_image.tgz -r
software: You can cancel this operation by hitting Ctrl-C in the next 6 seconds.
software: Depending on system load, it may take many minutes
software: to complete this operation. Until it finishes, you will
software: not be able to use the console.
cmd = ngsh -c system image update -node local -package file://localhost/mroot/etc/software/812_q_image.tgz -setdefault true
...
...
Installed MD5 checksums pass
Installing diagnostics and firmware files
Installation complete. image1 updated on node TOASTER

image1 has been set as the default

Tue Febsoftware: installation of 812_q_image 26 11:.tgz completed.
Please type "reboot" for the changes to take effect.     // DO NOT TYPE REBOOT, WE WILL TAKEOVER

Check the version

toaster> version -b
/cfcard/x86_64/freebsd/image1/kernel: OS 8.1.2
/cfcard/x86_64/freebsd/image2/kernel: OS 8.0.3
...
...

Now, use this opportunity to update the shelf firmware

toaster> storage download shelf
Downloading disk shelf firmware may take up to 10 minutes,
but will NOT disrupt client access during that time.

Are you sure you want to continue with shelf firmware update? yes
...
...
helf]: Firmware file IOM3.0152.SFW Tue Feb 26 11:06:11 EST [toaster: sdownloafu.downloadSuccess:info]: [storage download shelf]: Firmware file IOM3.0152.SFW downloaded on 2c.shelf0.
Tue Feb 26 11:06:11 EST [toaster: sfu.downloadSummary:info]: Shelf firmware updated on 3 shelves.
ded on 2c.shelf11.
Tue Feb 26 11:06:11 EST [toaster: sfu.downloadSuccess:info]: [storage download shelf]: Firmware file IOM3.0152.SFW downloaded on 2c.shelf10.
Tue Feb 26 11:06:11 EST [toaster: sfu.downloadSuccess:info]: [storage download shelf]: Firmware file IOM3.0152.SFW downloaded on 2c.shelf0.
Tue Feb 26 11:06:11 EST [toaster: sfu.downloadSummary:info]: Shelf firmware updated on 3 shelves.  // You are done
toaster> 

Perform the same process on the other NetApp controller

toaster2> software update 812_q_image.tgz -r
..
toaster2> version -b
..
toaster2> storage download shelf
[storage download shelf]: No shelves eligible for update   // You already did this on the other controller, this is to verify

Now that both controllers have the 8.1.2 DOT version, it is time for takeover in an NDU manner, which will reboot the controller

From controller1 (toaster)

toaster> cf status
Cluster enabled, toaster2 is up.
toaster> cf takeover
..
..
toaster(takeover)>

You should wait about 10 minutes before giving back to give the clients an opportunity to stabilize.
On the other controller, you will see (after a reboot)

Waiting for giveback...(Press Ctrl-C to abort wait)

…After 10 minutes

toaster> cf giveback
...
...

Check the second controller(toaster2) to ensure that it is running 8.1.2

toaster2> version
toaster2> sysconfig

Wait about 10 minutes, then from toaster2 takeover toaster

toaster2> cf takeover -n   // The option -n allows takeover when the onTap versions are incompatible, in this case 8.0.3 and 8.1.2
cf: ignoring version mismatch as part of NDU takeover
cf: takeover initiated by operator
...
...

You will see on toaster

Waiting for giveback...(Press Ctrl-C to abort wait)

Now it is time to give back services
On toaster2:

toaster2> cf giveback
...
...

Check the controller to ensure that it is running 8.1.2

toaster2> version
toaster2> sysconfig

Let NetApp know you are done:

toaster> options autosupport.doit "finishing_NDU 8.1.2"

That is it, RLM, disk fw, shelf fw and DOT were upgraded in a non-disruptive manner. You can check by running ‘sysconfig -v’

Snapshots are a great feature, probably one of the coolest in virtualization. They can become a problem if they are not used appropriately: sometimes we let them grow to an unmanageable size, which can cause performance issues and give us headaches when we need to delete them.

In this post, I will show you how to find out what snapshots are present in your environment, along with some other useful information, like size.

To run the commands below you will need to install PowerCLI (on windows), which is a way to manage a VMware environment programmatically using PowerShell scripting.

To get PowerCLI, go to: www.vmware.com/go/powercli

1) Once you have PowerCLI, open it up, a command prompt will appear:

PowerCLI C:\Program Files\VMware\Infrastructure\vSphere PowerCLI> Connect-VIServer -Server vcenter.example.com -User john

Name                           Port  User
----                           ----  ----
vcenter.example.com             443   john

// At this point you have a session open with your vCenter

2) Query your vCenter to find out what snapshots are present:

PowerCLI C:\Program Files\VMware\Infrastructure\vSphere PowerCLI> Get-VM | Get-Snapshot | Format-list vm,name,sizeGB,created,powerstate

VM         : vm1
Name       : Before_upgrade
SizeGB     : 16.38431124389171600341796875
PowerState : PoweredOn

VM         : vm2
Name       : Before_package_install
SizeGB     : 12.368686250410974025726318359
PowerState : PoweredOn

Let me explain what is going on:
'Get-VM' asks for the VMs that are running on your vCenter, and PowerCLI returns an object for each VM. You then ask for the snapshots of each returned VM object by using 'Get-Snapshot', and format that output by using 'Format-list', asking only for the properties 'vm,name,sizeGB,created,powerstate'.

You can request any of the following:
Description
Created
Quiesced
PowerState
VM
VMId
Parent
ParentSnapshotId
ParentSnapshot
Children
SizeMB
SizeGB
IsCurrent
IsReplaySupported
ExtensionData
Id
Name
Uid

3) The above will give you the info you want, but I prefer CSV reports that I can share with the team or management. To get a good CSV report run the following:

PowerCLI C:\Program Files\VMware\Infrastructure\vSphere PowerCLI> Get-VM | Get-Snapshot | Select-Object vm,name,sizeGB,created,powerstate | Export-Csv C:\vm_snapshots.csv

I recommend taking a look at VMware’s best practices around snapshots:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1025279

Many companies buy wildcard certificates for many reasons: price, management, flexibility, etc.

The following guide shows how to install a wildcard certificate from DigiCert on your NetApp controllers.

You will need the following 3 files in PEM format:
DigiCertCA.pem // This is the Certificate Authority, in this case from DigiCert
wildcard_example_com.pem // This is the wildcard certificate
wildcard_example_com_key.pem // This is the private key

1) Stop SSL on the NetApp controller
filer> secureadmin disable ssl

Now from a Linux/Unix system:

2) Mount the NetApp’s vol0
LinuxStation# mkdir /mnt/filer
LinuxStation# mount filer.example.com:/vol/vol0 /mnt/filer

3) Go to the keymgr folder and back up the current certificate and key.

# Backup Certificate
LinuxStation# cd /mnt/filer/etc/keymgr/cert/
LinuxStation:/mnt/filer/etc/keymgr/cert/# mv secureadmin.pem secureadmin.pem.bak

# Backup Key
LinuxStation# cd /mnt/filer/etc/keymgr/key/
LinuxStation:/mnt/filer/etc/keymgr/key/# mv secureadmin.pem secureadmin.pem.bak

4) Create the new files based on the wildcard certificate files, assuming you placed them on /opt/certificates

# Create Certificate
LinuxStation# cd /opt/certificates/
LinuxStation:/opt/certificates/# cat wildcard_example_com.pem DigiCertCA.pem > secureadmin_cert.pem
LinuxStation# mv /opt/certificates/secureadmin_cert.pem /mnt/filer/etc/keymgr/cert/secureadmin.pem

# Create Key
LinuxStation# cd /opt/certificates/
LinuxStation:/opt/certificates/# cat wildcard_example_com_key.pem > secureadmin_key.pem
LinuxStation# mv /opt/certificates/secureadmin_key.pem /mnt/filer/etc/keymgr/key/secureadmin.pem

5) On the NetApp controller, add the new cert:
filer> secureadmin addcert ssl /etc/keymgr/cert/secureadmin.pem

6) Enable SSL
filer> secureadmin enable ssl
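
A pre-flight check for step 4, as an added example that is not part of the original post: before the files are moved into keymgr, confirm that the private key belongs to the wildcard certificate, that the CA file is the issuer of that certificate, and that the wildcard certificate comes first in the concatenated file. The function names are hypothetical, and the check assumes DigiCertCA.pem holds the certificate that directly issued the wildcard certificate.

```shell
#!/bin/sh
# Added example: checks on the files that become secureadmin.pem.

# Public key of the FIRST certificate in a PEM file
# (openssl x509 only reads the first certificate block).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from a private key file.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Number of certificates in a PEM file.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# key_matches_cert CERT KEY
# 0 if KEY is the private key of the first certificate in CERT,
# 1 if it is not, 2 if either file cannot be parsed.
key_matches_cert() {
    c=$(cert_pubkey "$1") && k=$(key_pubkey "$2") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# build_bundle LEAF CA KEY OUT
# Same result as "cat LEAF CA > OUT" from step 4, but refuses to write OUT
# when the key does not match or the CA file is not the issuer of LEAF.
build_bundle() {
    leaf=$1; ca=$2; key=$3; out=$4
    key_matches_cert "$leaf" "$key" || {
        echo "private key does not match $leaf" >&2; return 1; }
    leaf_issuer=$(openssl x509 -in "$leaf" -noout -issuer | sed 's/^issuer= *//')
    ca_subject=$(openssl x509 -in "$ca" -noout -subject | sed 's/^subject= *//')
    [ "$leaf_issuer" = "$ca_subject" ] || {
        echo "$ca is not the issuer of $leaf" >&2; return 1; }
    cat "$leaf" "$ca" > "$out"
    # The server certificate must be the first block in the bundle.
    key_matches_cert "$out" "$key"
}

# Usage with the file names from the post:
#   cd /opt/certificates
#   build_bundle wildcard_example_com.pem DigiCertCA.pem \
#       wildcard_example_com_key.pem secureadmin_cert.pem
```

Running `umask 077` in the shell before creating secureadmin_key.pem keeps the copy of the private key readable only by its owner.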

“Git is a free & open source, distributed version control system designed to handle everything from small to very large projects with speed and efficiency.” –http://git-scm.com/

In this guide I will walk you through setting up a Git server and accessing it from a Git client over SSH.

Git Server
I am using CentOS 5.3 as my server.
Hostname: gitserver.example.com
SSH Port: 22444 (As opposed to the default port 22, for increased security)

Install Git

yum install git

Create a folder where you will keep the repositories

mkdir /opt/git

Create a git user and change the ownership and permissions of the previously created folder to the new user

useradd -c "Git Repository" git
chown git:git /opt/git/
chmod 770 /opt/git

Create an empty project, I am calling my project ‘myproject’

mkdir /opt/git/myproject.git

Initialize the repository using --bare to only include objects at the server side

cd /opt/git/myproject.git
git --bare init

You are done with the Git server, let’s take a look at the client

Git Client
Install Git on your client.

Debian/Ubuntu:
sudo apt-get install git-core

Red Hat/Centos:
yum install git   # I am using the rpmforge repo

Now it’s time to version-control your project.

Create a new folder to put your code (unless it exists already)

mkdir /home/john/myproject

Now it is time to add your project to Git (locally):

cd /home/john/myproject
git init

Add all the files in the current directory to be source controlled:
git add *

Commit the changes:
git commit -m "Myproject first commit"

Tell the Git client where to find the server and remote repository

git remote add origin ssh://git@gitserver.example.com:22444/opt/git/myproject.git

Push your project to the server

If you have shared SSH keys:
git push origin master

OR if you don't have SSH keys configured:
git push ssh://git@gitserver.example.com:22444/opt/git/myproject.git master

Now your project is under Git source control


Pull/Clone project:

The below will download the project folder in the current folder:

git clone ssh://git@gitserver.example.com:22444/opt/git/myproject.git

When you make changes to your project, you need to tell Git about it and commit the changes:

cd /home/john/myproject
git add *
git status   # Check status
git commit -a -m "A comment describing the change"

VSM High Availability is optional but it is strongly recommended in a production environment.
High availability is accomplished by installing and configuring a secondary VSM.

For instructions on how to install and configure a Primary Cisco 1000v VSM on your vSphere environment please follow
configure-vsphere-and-cisco-nexus-1000v-connecting-to-nexus-5k-upstream-switches

Then come back to this post to learn how to install and configure a secondary VSM for high availability.

1) Check the redundancy status of your primary VSM

n1kv# show system redundancy status
Redundancy role
---------------
      administrative:   primary
         operational:   primary

Redundancy mode
---------------
      administrative:   HA
         operational:   None

This supervisor (sup-1)
-----------------------
    Redundancy state:   Active
    Supervisor state:   Active
      Internal state:   Active with no standby                  

Other supervisor (sup-2)
------------------------
    Redundancy state:   Not present

// Check Modules

n1kv# show module
Mod  Ports  Module-Type                      Model              Status
---  -----  -------------------------------- ------------------ ------------
1    0      Virtual Supervisor Module        Nexus1000V         active *
3    248    Virtual Ethernet Module          NA                 ok
4    248    Virtual Ethernet Module          NA                 ok
5    248    Virtual Ethernet Module          NA                 ok

Mod  Sw               Hw      
---  ---------------  ------  
1    4.0(4)SV1(3b)    0.0    
3    4.0(4)SV1(3b)    1.20   
4    4.0(4)SV1(3b)    1.20   
5    4.0(4)SV1(3b)    1.20   

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  ----------
1    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
3    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
4    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
5    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         

Mod  Server-IP        Server-UUID                           Server-Name
---  ---------------  ------------------------------------  --------------------
1    192.168.10.10      NA                                    NA
3    192.168.16.82       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  esx1.example.com
4    192.168.16.53       xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  esx2.example.com
5    192.168.16.149      xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  esx3.example.com


* this terminal session 

// check HA status

n1kv# show system redundancy ha status
VDC No    This supervisor                         Other supervisor                        
------    ---------------                         ---------------
                        
vdc 1     Active with no standby                  N/A     

2) Install the secondary VSM from the OVF.
Select to Manually Configure Nexus 1000v and just like the primary installation select the right VLANs for Control, Packet and Management.

When you get to this properties page:

Do not fill in any of the fields, just click next and Finish

3) Power on the Secondary VSM
The system setup script will prompt for the following:

Admin password // Choose your password
VSM Role: secondary // VSM will reboot
Domain ID: 100 // This must be the same domain ID you gave to the primary, I used 100

Once a VSM is set to secondary it will reboot.

4) Verify VSM high availability
Log in to the VSM and run:

n1kv# show system redundancy status
Redundancy role
---------------
      administrative:   primary
         operational:   primary

Redundancy mode
---------------
      administrative:   HA
         operational:   HA

This supervisor (sup-1)
-----------------------
    Redundancy state:   Active
    Supervisor state:   Active
      Internal state:   Active with HA standby                  

Other supervisor (sup-2)
------------------------
    Redundancy state:   Standby
    Supervisor state:   HA standby
      Internal state:   HA standby
n1kv# show module
Mod  Ports  Module-Type                      Model              Status
---  -----  -------------------------------- ------------------ ------------
1    0      Virtual Supervisor Module        Nexus1000V         active *
2    0      Virtual Supervisor Module        Nexus1000V         ha-standby
3    248    Virtual Ethernet Module          NA                 ok
4    248    Virtual Ethernet Module          NA                 ok
5    248    Virtual Ethernet Module          NA                 ok

Mod  Sw               Hw      
---  ---------------  ------  
1    4.0(4)SV1(3b)    0.0    
2    4.0(4)SV1(3b)    0.0    
3    4.0(4)SV1(3b)    1.20   
4    4.0(4)SV1(3b)    1.20   
5    4.0(4)SV1(3b)    1.20   

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  ----------
1    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
2    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
3    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
4    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
5    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         

Mod  Server-IP        Server-UUID                           Server-Name
---  ---------------  ------------------------------------  --------------------
1    192.168.10.10      NA                                    NA
2    192.168.10.10      NA                                    NA
3    192.168.16.82       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  esx1.example.com
4    192.168.16.53       XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  esx2.example.com
5    192.168.16.149      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX  esx3.example.com


* this terminal session 
n1kv# show system redundancy ha status
VDC No    This supervisor                         Other supervisor                        
------    ---------------                         ---------------
                        
vdc 1     Active with HA standby                  HA standby 

VMware recommends that you run the Primary and the Secondary on different ESX hosts.

5) Test VSM switchover
From the VSM run system switchover to switch between the active and the standby VSMs.

That is it, now you have a highly available Cisco 1000v VSM infrastructure.

The following guide describes the necessary steps to install and configure a pair of Cisco Nexus 1000v switches for use in a vSphere cluster.
These will connect to Cisco Nexus 5020 upstream switches.

In this guide the hardware used consists of:

Hardware:
3x HP ProLiant DL380 G6 with 2 4-port NICs.
2x Cisco 5200 Nexus Switches

Software:
vSphere 4 Update 1 Enterprise Plus (needed to use Cisco nexus1000v)
vCenter installed as a virtual machine – 192.168.10.10 (on VLAN 10)
Cisco Nexus 1000v 4.0.4.SV1.3b –
Primary 192.168.101.10 domain id 100 (on VLAN 101)

I am assuming you have already installed and configured vCenter and the ESX cluster.

Cisco recommends that you use 3 separate VLANs for Nexus traffic, I am using the following VLANs:

100 – Control – Control connectivity between Nexus 1000V VSM and VEMs (Non Routable)
101 – Management – ssh/telnet/scp to the Cisco Nexus 1000v int mgmt0 (Routable)
102 – Packet – Internal connectivity between Nexus 1000v (Non Routable)

And I will also use VLAN 10 and 20 for VM traffic (10 for Production, 20 for Development)

1) Install vSphere (I assume you have done this step)

2) Configure Cisco Nexus 5020 Upstream Switchports

You need to configure the ports on the upstream switches in order to pass VLAN information to the ESX hosts’ uplink NICs

On the Nexus5020s, run the following:

// These commands give a description to the port and allow trunking of VLANs.
// The allowed VLANs are listed
// spanning-tree port type edge trunk is the recommended spanning-tree type

interface Ethernet1/1/10
description "ESX1-eth0"
switchport mode trunk
switchport trunk allowed vlan 10-20,100-102
spanning-tree port type edge trunk

3) Service Console VLAN !!!

When I installed the ESX server, I used the native VLAN, but after you change the switch port from switchport mode access to switchport mode trunk, the ESX server needs to be configured to send specific VLAN traffic to the Service Console.
My Service Console IP is 192.168.10.11 on VLAN 10, so you will need to console to the ESX host and enter the following:

[root@esx1]# esxcfg-vswitch -v 10 -p "Service Console" vSwitch0

4) Add Port Groups for the Control, Packet and Management VLANs.
I add these Port Groups to the VMware virtual switch vSwitch0 on all the ESX hosts. Make sure to select the right VLANs for your environment.

5) Now that you have configured the Control, Packet and Management Port Groups with their respective VLANs, you can install the Cisco Nexus 1000v.
I chose to install the Virtual Appliance (OVA) file downloaded from Cisco. The installation is very simple: make sure to select Manually Configure Nexus 1000v and to map the VLANs to Control, Packet and Management. The rest is just like installing a regular virtual appliance.

6) Power on and open a console window to the Nexus1000v VM(appliance) you just installed. A setup script will start running and will ask you a few questions.

admin password
domain ID // This is used to identify the VSM and VEM. If you want to have 2 Nexus 1000v for high availability, both Nexus 1000v will use the same domain ID. I chose 100
High Availability mode // If you plan to use 2 Nexus 1000v for high availability, then for the first installation select primary, otherwise standalone
Network Information // Things like IP, netmask, gateway. Disable Telnet! Enable SSH!
The other stuff we will configure later (Not from the Setup script)

7) Register vCenter Nexus 1000v Plug-in
Once you have the Nexus 1000v basics configured, you should be able to access it. Try to SSH to it (Hopefully you enabled SSH).
Open a browser and point it to the Nexus 1000v management IP address (in this case 192.168.101.10) and you will get a webpage like the following

  • Download the cisco_nexus_1000v_extension.xml
  • Open vSphere client and connect to the vCenter.
  • Go to Plug-ins > Manage Plug-ins
  • Right-click under Available Plug-ins and select New Plug-in, then browse to the cisco_nexus_1000v_extension.xml
  • Click Register Plug-in (disregard security warning about new SSL cert)

You do NOT need to Download and Install the Plug-in, just Register it.

Now we can start the “advanced” configuration of the Nexus 1000v

8) Configure SVS domain ID on VSM

n1kv(config)# svs-domain
n1kv(config-svs-domain)# domain id 100
n1kv(config-svs-domain)# exit

9) Configure Control and Packet VLANs

n1kv(config)# svs-domain
n1kv(config-svs-domain)# control vlan 100
n1kv(config-svs-domain)# packet vlan 102
n1kv(config-svs-domain)# svs mode L2
n1kv(config-svs-domain)# exit

10) Connect Nexus 1000v to vCenter
In this step we are defining the SVS connection which is the link between the VSM and vCenter.

n1kv(config)# svs connection vcenter
n1kv(config-svs-conn)# protocol vmware-vim
n1kv(config-svs-conn)# vmware dvs datacenter-name myDatacenter
n1kv(config-svs-conn)# remote ip address 192.168.10.10
n1kv(config-svs-conn)# connect
n1kv(config-svs-conn)# exit
n1kv(config)# exit
n1kv# copy run start

//Verify the SVS connection

n1kv# show svs connections vcenter

connection vcenter:
    ip address: 192.168.10.10
    remote port: 80
    protocol: vmware-vim https
    certificate: default
    datacenter name: myDatacenter
    DVS uuid: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    config status: Enabled
    operational status: Connected
    sync status: Complete
    version: VMware vCenter Server 4.0.0 build-258672

12) Create the VLANs on the VSM

n1kv# conf t
n1kv(config)# vlan 100
n1kv(config-vlan)# name Control
n1kv(config-vlan)# exit
n1kv(config)# vlan 102
n1kv(config-vlan)# name Packet
n1kv(config-vlan)# exit
n1kv(config)# vlan 101
n1kv(config-vlan)# name Management
n1kv(config-vlan)# exit
n1kv(config)# vlan 10
n1kv(config-vlan)# name Production
n1kv(config-vlan)# exit
n1kv(config)# vlan 20
n1kv(config-vlan)# name Development
n1kv(config-vlan)# exit

// Verify VLANs

n1kv(config)# show vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    
10   Production                       active    
20   Development                      active    
100  Control                          active 
101  Management                       active   
102  Packet                           active    


VLAN Type
---- -----
1    enet  
10   enet  
20   enet  
100  enet  
101  enet  
102  enet  

13) Create Uplink Port-Profile
The Cisco Nexus 1000v acts like the VMware DVS. Before you can add hosts to the Nexus 1000v you will need to create uplink port-profiles, which allow the VEMs to connect with the VSM.

n1kv(config)# port-profile system-uplink
n1kv(config-port-prof)# switchport mode trunk
n1kv(config-port-prof)# switchport trunk allowed vlan 10,20,100-102
n1kv(config-port-prof)# no shutdown
n1kv(config-port-prof)# system vlan 100,102
n1kv(config-port-prof)# vmware port-group dv-system-uplink
n1kv(config-port-prof)# capability uplink
n1kv(config-port-prof)# state enabled

// Verify Uplink Port-Profile

n1kv(config-port-prof)# show port-profile name system-uplink
port-profile system-uplink
  description: 
  type: ethernet
  status: enabled
  capability l3control: no
  pinning control-vlan: -
  pinning packet-vlan: -
  system vlans: 100,102
  port-group: dv-system-uplink
  max ports: -
  inherit: 
  config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 10-20,100-102
    no shutdown
  evaluated config attributes:
    switchport mode trunk
    switchport trunk allowed vlan 10-20,100-102
    no shutdown
  assigned interfaces:

14) It is now time to install the VEM on the ESX hosts.
The preferred way to do this is using VUM (VMware Update Manager). If you have VUM in the system, the installation will be very simple.
Simply go to Home->Inventory->Networking
Right Click on the Nexus Switch and add host

// Verify that the task is successful

// Also take a look at the VSM console

n1kv# 2011 Jan 14 14:43:03 n1kv %PLATFORM-2-MOD_PWRUP: Module 3 powered up (Serial number )

n1kv# show module
Mod  Ports  Module-Type                      Model              Status
---  -----  -------------------------------- ------------------ ------------
1    0      Virtual Supervisor Module        Nexus1000V         active *
3    248    Virtual Ethernet Module          NA                 ok

Mod  Sw               Hw      
---  ---------------  ------  
1    4.0(4)SV1(3b)    0.0    
3    4.0(4)SV1(3b)    1.20   

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  ----------
1    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         
3    xx-xx-xx-xx-xx-xx to xx-xx-xx-xx-xx-xx  NA         

Mod  Server-IP        Server-UUID                           Server-Name
---  ---------------  ------------------------------------  --------------------
1    192.168.101.10   NA                                    NA
3    192.168.11.82    XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX  esx1


* this terminal session 

// Do the same for all the other ESX Hosts

15) Create the Port-Profile(s) (VMware Port-Groups)
Port-profiles configure interfaces on the VEM.
From the VMware point of view a port-profile is represented as a port-group.

// The Port-Profile below will be the VLAN 10 PortGroup on vCenter

n1kv# conf t
n1kv(config)# port-profile VLAN_10
n1kv(config-port-prof)# vmware port-group
n1kv(config-port-prof)# switchport mode access
n1kv(config-port-prof)# switchport access vlan 10
n1kv(config-port-prof)# vmware max-ports 200 // By default it has only 32 ports, I want 200 available
n1kv(config-port-prof)# no shutdown
n1kv(config-port-prof)# state enabled
n1kv(config-port-prof)# exit

16) Select the PortGroup you want your VM to connect to

17) Verify Port Profile/Port Groups from the VSM console

n1kv# show port-profile usage 

-------------------------------------------------------------------------------
Port Profile               Port        Adapter        Owner
-------------------------------------------------------------------------------
VLAN_10                    Veth1       Net Adapter 1  jeos_10                  
VLAN_20                    Veth2       Net Adapter 1  jeos_20                  
system-uplink              Eth3/5      vmnic4         esx1.example.com        
                           Eth3/6      vmnic5         esx1.example.com        
                           Eth3/9      vmnic8         esx1.example.com        
                           Eth3/10     vmnic9         esx1.example.com        
                           Eth4/5      vmnic4         esx2.example.com        
                           Eth4/6      vmnic5         esx2.example.com        
                           Eth4/9      vmnic8         esx2.example.com        
                           Eth4/10     vmnic9         esx2.example.com 

At this point you are ready to use the Cisco 1000v, but if you plan to run this in a production environment, it is strongly recommended you run the VSM in High Availability mode.
Follow this post to learn how to install and configure VSM High Availability:
cisco-nexus-1000v-vsm-high-availability
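
The trunk lists from steps 2, 12 and 13 can be checked against each other. The following is an added example, not part of the original post or of any Cisco tool: it expands the switch-style VLAN lists and reports IDs that the upstream trunk allows but the guide never uses, and any system VLAN that the trunk would not carry. Function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: compare two VLAN lists written in switch syntax
# ("10-20,100-102"). Function and variable names are hypothetical.

# vlans_not_in A B: print, comma-separated, the VLAN IDs in A that are not in B.
# Exits with status 2 if either list cannot be parsed.
vlans_not_in() {
    awk -v a="$1" -v b="$2" '
        # Expand "10-20,100" into set[10..20], set[100].
        function expand(list, set,    n, i, parts, r, v) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) {
                if (parts[i] ~ /^[0-9]+$/) {
                    r[1] = r[2] = parts[i]
                } else if (parts[i] ~ /^[0-9]+-[0-9]+$/) {
                    split(parts[i], r, "-")
                } else { bad = 1; continue }
                # Valid VLAN IDs are 1-4094 and a range must ascend.
                if (r[1] + 0 < 1 || r[2] + 0 > 4094 || r[1] + 0 > r[2] + 0) { bad = 1; continue }
                for (v = r[1] + 0; v <= r[2] + 0; v++) set[v] = 1
            }
        }
        BEGIN {
            split("", in_a); split("", in_b)      # force array type
            expand(a, in_a); expand(b, in_b)
            if (bad) { print "unparseable VLAN list" > "/dev/stderr"; exit 2 }
            for (v = 1; v <= 4094; v++)
                if ((v in in_a) && !(v in in_b)) out = out (out == "" ? "" : ",") v
            print out
        }
    '
}

UPSTREAM_ALLOWED="10-20,100-102"   # step 2: Nexus 5020 trunk towards the ESX host
VLANS_IN_USE="10,20,100-102"       # step 12: VLANs created on the VSM
SYSTEM_VLANS="100,102"             # step 13: system vlan on the uplink port-profile

echo "allowed upstream but unused: $(vlans_not_in "$UPSTREAM_ALLOWED" "$VLANS_IN_USE")"
echo "system VLANs missing from trunk: $(vlans_not_in "$SYSTEM_VLANS" "$UPSTREAM_ALLOWED")"
```

With the values from this guide the first line lists VLANs 11 through 19, which the upstream trunk carries although nothing uses them; narrowing the allowed list to 10,20,100-102 removes them.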

Running at runlevel 5 is not a good idea for a server; I try to run servers at runlevel 3 with as few packages as possible. But sometimes you need a graphical application or a browser for one reason or another. You can use VNC to connect to the server and tunnel it over SSH to make sure the communication is encrypted.

This guide is to enable VNC over SSH on a Linux Server. I will use CentOS 5.2 server for this guide.

I will allow only user john to be able to VNC/SSH to the server. Since I will be testing GUI based stuff, I will need a graphical environment installed. I do not need to run my server in graphical mode, but I need to have the proper packages installed.

1) Install the X Window System group

[root@server ~]# yum groupinstall "X Window System"

2) Install the vncserver

[root@server ~]# yum install vnc-server

3) As the user that will use VNC, create VNC password

[john@server ~]$ vncpasswd

4) Modify VNC configuration to allow X (/home/john/.vnc/xstartup)

#!/bin/sh

# Uncomment the following two lines for normal desktop:
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

5) Start the vncserver as the user who will have access and use a display number that you will remember; here I am using 2. Also use the following arguments to make sure it ONLY listens on localhost.

[john@server ~]$ vncserver :2 -geometry 1024x768 -nolisten tcp -nohttpd -localhost

6) Check that the VNC service is only listening locally

[john@server ~]$ netstat -ntlp

tcp 0 0 127.0.0.1:5902 0.0.0.0:* LISTEN 7927/Xvnc

7) OK, now let's connect using VNC over SSH
From a remote station you will start an SSH session and forward an arbitrary port (e.g. 5544) to the VNC server's localhost address on port 5902. (It ends with 2 because you started the VNC server with :2.)
That means that whenever you are on Server2 and you send packets to localhost on port 5544, those packets will be forwarded through the SSH tunnel to the VNC server's localhost on port 5902.

[alex@server2 ~]$ ssh -L5544:localhost:5902 john@server.example.com

8) Now on Server2 start a VNC client/viewer and on the server address, enter:

localhost:5544

9) Enjoy your secure VNC session!
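
Step 6 as a repeatable check, added here as an example that is not part of the original post: the function reads netstat -ntlp output and prints any Xvnc socket bound to a non-loopback address. The sample input is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list Xvnc listeners that are reachable from the network.
# Reads `netstat -ntlp` output on stdin, prints one "address:port" per
# Xvnc socket that is NOT bound to a loopback address.
exposed_vnc_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/Xvnc$/ {
            host = $4
            sub(/:[0-9]+$/, "", host)          # drop the trailing :port
            if (host !~ /^127\./ && host != "::1")
                print $4
        }
    '
}

# Constructed sample input (not captured from a real host). PID 7927 was
# started as in step 5; PID 8101 stands for a server started without
# -localhost and -nolisten tcp, so its RFB (59xx) and X11 (60xx) ports
# are bound to every interface.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State    PID/Program name
tcp        0      0 127.0.0.1:5902     0.0.0.0:*          LISTEN   7927/Xvnc
tcp        0      0 0.0.0.0:5903       0.0.0.0:*          LISTEN   8101/Xvnc
tcp        0      0 0.0.0.0:6003       0.0.0.0:*          LISTEN   8101/Xvnc
tcp        0      0 :::22              :::*               LISTEN   2210/sshd
EOF
}

# Exit status 0 only when every Xvnc listener on stdin is loopback-only.
vnc_is_loopback_only() {
    [ -z "$(exposed_vnc_listeners)" ]
}

sample_netstat | exposed_vnc_listeners
```

On a live server, pipe the real output in instead of the sample: netstat -ntlp | vnc_is_loopback_only returns success only when the SSH tunnel is the sole way to reach the VNC session.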

VNC over SSH
