
Archive for the ‘Computers’ Category

Install HighPoint Tech Rocket Raid 4222 in ESXi 4.1

Tuesday, March 22nd, 2011
By: Andrew

HighPoint says running the Rocket Raid 4222 card in ESXi is fully supported, but the steps provided in the documentation don’t work. Here is how to install the driver in a few easy steps. (more…)

Site-to-Site OpenVPN in Vyatta

Friday, September 24th, 2010
By: Andrew

Site-to-site VPN is better than user-to-server if you want to bridge two locations over a public network. If you do a client-to-server setup, the server cannot see the clients. To bridge two locations so each location can see users on the other network, we want to use a site-to-site setup.

Most OpenVPN implementations will be similar, but here is the specific process for Vyatta. It takes about 10 minutes.

1. Generate Preshared Key
2. Configure tunnel.
3. Set routing.

1. Generate Preshared Key.
On one end we need to generate the key:
vpn openvpn-key generate "keyname"
I like to use source and destination names like BRANCH1-BRANCH2 so I know what they are for. Then you can make unique keys for each connection. This process is super fast. The file is created in your ~/ folder if you don’t specify. I create a /rsa/keys/ folder and lock it down:
chmod 700 /rsa/keys -R
Then you copy the key to the other side. You can use a flash drive, scp or any secure way to transfer this file. Don’t send it over the public internet or email.

2. Configure Tunnel.
configure
set interfaces openvpn vtun5 mode site-to-site
set interfaces openvpn vtun5 shared-secret-file /rsa/keys/(filename)
set interfaces openvpn vtun5 local-address 172.16.5.1 (I use the same class c number that I use for the vtun# to keep everything straight.)
set interfaces openvpn vtun5 remote-address 172.16.5.2
set interfaces openvpn vtun5 remote-port 11180 (I choose a non standard port)
set interfaces openvpn vtun5 local-port 11180
set interfaces openvpn vtun5 remote-host (public static ip of the remote device)

Easy. Now do the other side, swapping the local and remote addresses, and set the public IP of the first host as remote-host.

3. Routing.
One line:
set protocols static route (remote network/mask) next-hop 172.16.5.2 (The other end of the tunnel from the box you are on)

commit
save
exit

Once you get the commands in both ends, the tunnel should come up by itself. The site-to-site model allows either end to initiate, so as long as they can see each other you should already be set. To verify that it works, try this.
First, make sure you can ping the other end's public IP. Obviously, the other end has to be set to accept pings.
Second, try show interfaces openvpn. You should see “up up”.
Third, ping the remote tunnel IP.
Last, ping a machine in the remote subnet.
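
The two mirrored configurations from steps 2 and 3, generated from one set of values so the swapped local/remote fields cannot drift apart. This is an added example, not part of the original post; the function names and the documentation-range addresses and networks in the sample call are assumptions.

```shell
#!/bin/sh
# Added example: emit the Vyatta commands from the post for each end of the tunnel.
# usage: vtun_side VTUN KEYFILE LOCAL_TUN REMOTE_TUN PORT REMOTE_PUBLIC REMOTE_NET
vtun_side() {
    vtun=$1 key=$2 ltun=$3 rtun=$4 port=$5 rpub=$6 rnet=$7
    # Reject a non-numeric or out-of-range port before anything is printed.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    # The two tunnel endpoints must be different addresses.
    [ "$ltun" != "$rtun" ] || { echo "tunnel addresses are identical" >&2; return 1; }
    cat <<EOF
configure
set interfaces openvpn $vtun mode site-to-site
set interfaces openvpn $vtun shared-secret-file $key
set interfaces openvpn $vtun local-address $ltun
set interfaces openvpn $vtun remote-address $rtun
set interfaces openvpn $vtun remote-port $port
set interfaces openvpn $vtun local-port $port
set interfaces openvpn $vtun remote-host $rpub
set protocols static route $rnet next-hop $rtun
commit
save
exit
EOF
}

# Both ends from one set of facts: site B is site A with local/remote swapped.
# usage: vtun_pair VTUN KEYFILE TUN_A TUN_B PORT PUB_A PUB_B NET_A NET_B
vtun_pair() {
    echo "# --- run on site A ---"
    vtun_side "$1" "$2" "$3" "$4" "$5" "$7" "$9" || return 1
    echo "# --- run on site B ---"
    vtun_side "$1" "$2" "$4" "$3" "$5" "$6" "$8" || return 1
}

# Constructed sample values: RFC 5737 documentation addresses stand in for
# the real public IPs, and the two LAN prefixes are made up.
vtun_pair vtun5 /rsa/keys/BRANCH1-BRANCH2 172.16.5.1 172.16.5.2 11180 \
    198.51.100.10 203.0.113.20 192.168.10.0/24 192.168.20.0/24
```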

ESXi 4 Change Block Size

Tuesday, May 4th, 2010
By: Andrew

ESXi 4.0 installs with the default block size of 1MB. I am not sure why they won’t let you change it during install. Thankfully it is super easy to change after install, but it will wipe out your data.

VMFS Size Limitations (from VMware KB)

There is no way to change the block size of a VMFS datastore once it is created. The data store must be reformatted with the required block size.
 
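| Block Size | Largest virtual disk on VMFS-2 | Largest virtual disk on VMFS-3 |
|------------|--------------------------------|--------------------------------|
| 1M         | 456GB                          | 256GB                          |
| 2M         | 912GB                          | 512GB                          |
| 4M         | 1.78TB                         | 1TB                            |
| 8M         | 3.56TB                         | 2TB                            |
| 16M        | 7.18TB                         | Invalid block size             |
| 32M        | 14.25TB                        | Invalid block size             |
| 64MB       | 28.50TB                        | Invalid block size             |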
 
With a block size of 1MB, every file that is created uses at least 1MB of space on the storage, regardless of its actual size. With an 8MB block size, a 1KB file still occupies 8MB of space. The unused space in that block is wasted. The larger block size is only required when a file is so large that it requires an extended addressing space. Being aware of the intended use helps with your planning and efficient use of space on the data store.

 

The Process

Boot up. When it is done, press Alt+F1.

Type `unsupported` and press enter. The letters will not show up when you type it.
Enter your root password.

Type “esxcfg-scsidevs -m” and it will give you your drive information.
“fdisk -l” will give you partition information. (You are looking for type fb VMFS)
Pick the drive and partition to fix. Mine is partition 3 on a crazy long drive name.

Type “vmkfstools -C vmfs3 -b <block size> -S datastore /vmfs/…<long path from above>:<partition number>”
It took like 20 seconds for my 1TB drive.

Reboot and you are done.

How to create a watchdog in Linux.

Saturday, April 24th, 2010
By: Andrew

It is irritating when a mission critical network service fails. It should never happen, but it always does at 2:30 AM on the day of the big launch. For such cases a watchdog application is essential. A watchdog is simply a program that looks to see if another program is running. If it isn’t, the watchdog takes actions to start it. This is so easy to do, and most sys admins don’t bother. After a time or two of a service failure, you will learn to love this little dog as I have. <3

OK. You need two things to have a successful watchdog. First, the watchdog script. This one is for asterisk as an example, but you can do anything. Make sure to make him root executable. chmod 755 is good. 700 works if you want to be super strict about security, and have the whole permissions thing perfect.

/etc/asterisk/watchdog.sh

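#!/bin/sh
# Watchdog: start asterisk if no asterisk process is running.
# Test pidof's exit status; its output can hold several PIDs, which breaks [ ].
if pidof asterisk >/dev/null; then
        echo "Asterisk has a pid: I will do nothing."
        exit 0
else
        echo "Asterisk not running!"
        /etc/init.d/asterisk start &
        exit 1
fi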

Second, you need to tell cron to run this program every minute. You can make a watchdog that loops constantly, but for me less than 60 seconds of downtime is good enough. Make sure he runs as root so he has privileges to start the application in question.

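Put this in your system crontab (/etc/crontab, whose entries carry the user field shown here; a per-user crontab edited with crontab -e has no user field):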

* * * * * root /etc/asterisk/watchdog.sh

That is it. Every minute little Bruno will run around and see if asterisk is doing his job. If not, he will get asterisk going.

This script gives some output so you can test it to see if it is working. Run ./watchdog.sh when you know the application is down, and see if it starts it. Or even better, kill the application and do a ‘watch pidof asterisk’ and see if Bruno is doing his job.
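
A permission audit covering both root-sensitive files on this page: the watchdog script that cron runs as root (the chmod 755/700 advice above) and the OpenVPN preshared key kept under /rsa/keys in the site-to-site post. This is an added example, not the author's code; the function names are hypothetical, the demo files are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit owner and mode of files that root trusts.
# perm_ok PATH UID MASK -> 0 if PATH is owned by UID and has none of the
# octal permission bits in MASK set; otherwise prints a reason and returns 1.
perm_ok() {
    path=$1 want=$2 mask=$3
    if [ -L "$path" ]; then echo "$path: is a symlink"; return 1; fi
    [ -e "$path" ] || { echo "$path: missing"; return 1; }
    set -- $(stat -c '%u %a' "$path")          # numeric owner, octal mode
    [ "$1" = "$want" ] || { echo "$path: owner uid $1, want $want"; return 1; }
    if [ $(( 0$2 & 0$mask )) -ne 0 ]; then
        echo "$path: mode $2 has forbidden bits (mask $mask)"; return 1
    fi
    return 0
}

# A script cron runs as root must not be writable by group or other (022),
# and neither may its directory: whoever can replace the file runs code as root.
audit_root_script() {
    perm_ok "$1" "${2:-0}" 022 && perm_ok "$(dirname "$1")" "${2:-0}" 022
}

# A preshared key must give group and other no access at all (077).
audit_secret() {
    perm_ok "$1" "${2:-0}" 077
}

# Constructed demo in a scratch directory, owned by the current user so it
# runs unprivileged; on a real box the expected owner defaults to uid 0.
demo() {
    d=$(mktemp -d); me=$(id -u); chmod 755 "$d"
    printf '#!/bin/sh\n' > "$d/watchdog.sh"; chmod 755 "$d/watchdog.sh"
    printf 'constructed-key\n' > "$d/BRANCH1-BRANCH2"; chmod 644 "$d/BRANCH1-BRANCH2"
    audit_root_script "$d/watchdog.sh" "$me" && echo "watchdog.sh: ok"
    audit_secret "$d/BRANCH1-BRANCH2" "$me" || echo "key needs chmod 600"
    rm -rf "$d"
}
demo
```

On a real system, run audit_root_script /etc/asterisk/watchdog.sh and audit_secret on the key file with no second argument; a directory owned by a service account rather than root will be reported.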

Linux saves the day!

Monday, March 24th, 2008
By: Andrew

I have been fiddling with Linux for about a year now.  Very cool stuff, considering it is free, but I have been lacking a practical application for a personal computer. All of that has changed this weekend…

A museum that I consult for had a pretty sticky problem. They had a complex sound system installed in 2004, and the company that built it has gone under. Big problem, considering that they have no original software or administrator passwords for the equipment. So last week there was a power surge that fried one of the Media matrix computer hard drives. Of course no warranty left. Anyway, that is where Linux came to rescue me from despair. With Linux it is possible to make an EXACT copy of a hard drive. So I used their second computer as an image and created a new hard drive for the first. Here’s how it works. (more…)

Cobalt Raq4 – upgrade to Linux 2.6 and 128GB RAID

Thursday, October 4th, 2007
By: Andrew

I bought an old Sun Cobalt RAQ4i off ebay for $50. Not an impressive piece of hardware, but enough to serve as my dev box, so I am no longer making live changes to my hosted sites. I really needed something in a small rackmount package, and this was right on. I figure I can also host a few websites for family and friends, so I don’t need a powerful machine. It is also much cheaper than renting a second server in a colo at $150 a month. I am pretty close to the SBC DC, and have a low latency connection so I figured… ehh why not try it and see how it goes. (more…)

DD-WRT cheap professional router

Thursday, August 2nd, 2007
By: Andrew

It is amazing to me that I haven’t found this before. DD-WRT is a firmware upgrade for the Linksys WRT54G (and variants) that allows you to supercharge the functionality. (more…)

Oh the tedium

Monday, July 16th, 2007
By: Andrew

I am not a good one for tedious, detailed things. I am what you might call a big picture person. Lately I have been working on putting my video collection of things I have made on the website. It is a very trying process for me, mostly because there are so many of them. AHH. I can be a bit of a perfectionist, and I want it to be great when it is done, and I look forward to that. The in-between steps are just a lot for me to take when I am right in the midst of them.

Video Card Error

Monday, July 9th, 2007
By: Andrew

I think I may start a category for dumb computer messages. Here is one that I got today after installing a new video card. I took a screen shot.

If you can’t read that, it says: “The currently selected graphics display driver cannot be used. It was written for a previous version of Windows, and is no longer compatible with this version of Windows. The system has been started using the default VGA driver. Please contact your hardware manufacture to get an upgraded driver, or select one of the Microsoft provided drives.”

Oooookay. Well I didn’t even try to install one so I just figured it was outdated. But then I noticed a peculiar thing… it recognized the type of video card just fine, and look who supplied the driver. Microsoft?!? But I thought you said it was old and to use the Microsoft one. Hmm. Weird.

Easy fix: I downloaded and installed the branded Nvidia driver.

iPhone

Friday, June 29th, 2007
By: Andrew

Oh the rage of the popular gadgets. More than a Star Wars following of groupies turned out in the North Park mall to wait in line for hours for this buggy piece of technical history. I just don’t see the appeal. (more…)