Links to Tanzu, Kubernetes (K8s) resources good for self education ...
Thursday, December 23, 2021
Wednesday, December 22, 2021
Monday, December 20, 2021
VRA 8.6 and vSphere 6.7 U3 SDRS
We completed our homework related to SDRS testing with vRA8.Testing was performed on vRA8 DEV env and in our DEV vCenter, we have dedicated storage cluster with 2x5TB LUNs with SDRS set up to full auto. Both advance properties VraInitPlacement and VraExpandDisk are set to 1. Same storage cluster is used for vRA7 deployments where everything works as expected.
Thursday, December 16, 2021
VMware NSX-T & Cisco ACI - VMware KB 57780
Vyjádření k VMware KB 57780 - https://kb.vmware.com/s/
Saturday, November 27, 2021
FreeBSD - OpenVPN
Client behind NAT establishing connection
file /etc/rc.conf
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/client/client.conf"
openvpn_configfile="/usr/local/etc/openvpn/client/client.conf"
gateway_enable="YES"
file /usr/local/etc/openvpn/client/client.conf
client
tls-client
tls-client
cipher AES-256-CBC
pull
dev tun
proto udp
remote 104.248.252.189 1194
nobind
user nobody
group nogroup
persist-key
persist-tun
key-direction 1
tls-auth /usr/local/etc/openvpn/client/ta.key 1
comp-lzo
verb 3
ca /usr/local/etc/openvpn/client/ca.crt
cert /usr/local/etc/openvpn/client/client.crt
key /usr/local/etc/openvpn/client/client.key
remote-cert-tls server
dev tun
proto udp
remote 104.248.252.189 1194
nobind
user nobody
group nogroup
persist-key
persist-tun
key-direction 1
tls-auth /usr/local/etc/openvpn/client/ta.key 1
comp-lzo
verb 3
ca /usr/local/etc/openvpn/client/ca.crt
cert /usr/local/etc/openvpn/client/client.crt
key /usr/local/etc/openvpn/client/client.key
remote-cert-tls server
Server in cloud
file /etc/rc.conf
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/server/server.conf"
openvpn_configfile="/usr/local/etc/openvpn/server/server.conf"
nginx_enable="YES"
file /usr/local/etc/openvpn/server/server.conf
port 1194
proto udp
dev tun
ca /usr/local/etc/openvpn/server/ca.crt
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
cert /usr/local/etc/openvpn/server/issued/server.crt
key /usr/local/etc/openvpn/server/private/server.key
dh /usr/local/etc/openvpn/server/dh.pem
topology subnet
server 172.16.166.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-config-dir /usr/local/etc/openvpn/server/ccd
route 192.168.4.0 255.255.255.0
route 192.168.7.0 255.255.255.0
route 192.168.9.0 255.255.255.0
route 192.168.4.0 255.255.255.0
route 192.168.7.0 255.255.255.0
route 192.168.9.0 255.255.255.0
keepalive 10 120
tls-auth /usr/local/etc/openvpn/server/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
persist-tun
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log
verb 3
/usr/local/etc/openvpn/server/ccd/client
iroute 192.168.4.0 255.255.255.0
iroute 192.168.7.0 255.255.255.0
iroute 192.168.9.0 255.255.255.0
iroute 192.168.7.0 255.255.255.0
iroute 192.168.9.0 255.255.255.0
Sources:
- OpenVPN How To Guide: https://openvpn.net/community-resources/how-to/
- Static Key Mini-HOWTO: https://openvpn.net/community-resources/static-key-mini-howto/
Friday, November 26, 2021
Friday, November 12, 2021
FreeBSD NAT redirect_port
/etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
firewall_enable="YES"
firewall_type="OPEN"
nat_enable="YES"
nat_interface="em1"
/etc/rc.firewall
For automatic configuration edit /etc/rc.firewall, search for ${firewall_type}=[Oo][Pp][Ee][Nn] and in section firewall_nat_enable add following two lines.
${fwcmd} nat 1 config if ${firewall_nat_interface} redirect_port tcp 192.168.100.252:80 80
${fwcmd} add 50 nat 1 ip4 from any to any via ${firewall_nat_interface}
Monday, November 8, 2021
Task & Project Management nástroje
Seznam evaluovaných nástrojů pro Task & Project Management
• ClickUp
• Asana
• Monday.com
• Smartsheet
• Trello (Atlassian)
Osobně používám Monday.com několik měsíců za účelem task managementu pro všechny mé TAM zákazníky včetně PČR. Pro osobní task management jsem zkoušel jsem ClickUp, který nabízí omezenou variantu zdarma a viděl jsem prezentace a dema na všechny nástroje přímo od vendorů.
Kdybyste chtěli znát můj osobní žebříček nástrojů, tak zatím to mám takto
1. Asana, ClickUp, Monday.com
2. Trello (Atlassian)
3. Smartsheet
Tři nástroje na prvním místě mají velmi podobnou koncepci a umožňují velmi agilní projektový management včetně managementu utilizace (lidských) zdrojů.
Můj osobní názor je, že pro moje konkrétní potřeby jsem schopen použít jakýkoliv ze třech nástrojů na prvním místě, ale nejtěžší je zavést správný process a metodiku k používání jakéhokoliv z těchto nástroju, protože to není pouze o jednom člověku, ale o týmové spolupráci, takže to musí používat všichni v týmu a to je vlasntě nejsložitější, jelikož to vyžaduje trénink, dril a morálku.
Thursday, October 21, 2021
vSAN license not applied correctly
Summary
After the evaluation license expired the enterprise license was applied
The licensed features do not get passed down to the host
Cause
Engineering is aware of this issue in 6.7 and they are actively working to implement a fix for it in 6.7p06
Resolution
We manually applied the licensed features by using the following commands -
esxcfg-advcfg -s vit,allflash,stretchedcluster,erasurecoding,iopslimit,storageefficiency /VSAN/LicensedFeatures
Wednesday, October 20, 2021
Friday, September 17, 2021
RedHat - SCSI adapter
Troubleshooting commands
lspci -nnvv | grep -i SCSI -A 1
lsscsi
lsblk
dmesg | tail -40
dmesg | grep -i scsi
NUMA tunning
Advanced Virtual NUMA Attributes
VM settings
NUMA nodes are heavily load imbalanced causing high contention for some virtual machines (2097369) - https://kb.vmware.com/s/article/2097369
/Numa/LocalityWeightActionAffinity as 0
Thursday, September 16, 2021
Read IO spike every 5 minutes for 7.0U1 (84220)
Symptoms
- Storage array experiencing continuous 5 minute read spike and high CPU utilization.
- Other storage computations like deduplication and compression can be delayed or stalled.
- In our case it was huge environment (200-300 host) connected to Pure storage array
Purpose
This article will explain the reason and provide workaround or fix.
Cause
A change was made ( in 7.0U1):
In hostd to make API call every 5 minutes.
In VMFS a new lighter API was added to get the required stat.
Impact / Risks
Storage overutilization in case of large amount o hosts and large amount of datastores.
Resolution
Not available yet
Workaround
Changing /etc/vmware/hostd/config.xml on each host.
We can recommend to try to 12 hours for customer . Changing vmfsStatsIntervalInSecs=43200.
A one liner to perform this task:
sed -i -e 's/<vmfsStatsIntervalInSecs>.*>/<vmfsStatsIntervalInSecs>21600<\/vmfsStatsIntervalInSecs>/g' /etc/vmware/hostd/config.xml;/etc/init.d/hostd restart
Related Information
30 mins = vmfsStatsIntervalInSecs=1800
1 hour = vmfsStatsIntervalInSecs=3600
3 hours = vmfsStatsIntervalInSecs=10800
6 hours = vmfsStatsIntervalInSecs=21600
12 hours = vmfsStatsIntervalInSecs=43200
1 hour = vmfsStatsIntervalInSecs=3600
3 hours = vmfsStatsIntervalInSecs=10800
6 hours = vmfsStatsIntervalInSecs=21600
12 hours = vmfsStatsIntervalInSecs=43200
Default setting in etc/vmware/hostd/config.xml
<!-- Vmfs stats collection interval -->
<!-- Min value:5 mins Default Value:5 mins - in terms of seconds -->
<!-- Setting it below 5 mins will reset it back to 5 mins,due to perf impact on VMFS -->
<vmfsStatsIntervalInSecs> 300 </vmfsStatsIntervalInSecs>
<!-- Min value:5 mins Default Value:5 mins - in terms of seconds -->
<!-- Setting it below 5 mins will reset it back to 5 mins,due to perf impact on VMFS -->
<vmfsStatsIntervalInSecs> 300 </vmfsStatsIntervalInSecs>
Confidential or Internal Information
https://bugzilla.eng.vmware.com/show_bug.cgi?id=2580232 change was made ( in 7.0U1)
The relevant PR for this KB https://bugzilla.eng.vmware.com/show_bug.cgi?id=2788282
- Note: hostd datastore refresh invoking VMFS datastore refresh
Vol3GetAttributesVMFS6 -> Res3StatVMFS6 can end up in reading a lot of VMFS
metadata.
- The amount of VMFS metadata read would be proportional to both size of VMFS
datastore and the number of VMFS datastores on ESXi server.
Monday, August 16, 2021
FreeBSD DHCP & DNS Server
FreeBSD OS Configuration
FILE /etc/rc.conf
hostname="fbsd01.dpasek.com"
ifconfig_vmx0="inet 192.168.58.1 netmask 255.255.255.0"
defaultrouter="192.168.58.254"
sshd_enable="YES"
ntpd_enable="YES"
ntpdate_enable="YES"
# VMware Tools
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"
# DNS Server
named_enable="YES"
# DHCP Server
dhcpd_enable="YES"
dhcpd_ifaces="vmx0"
Restart the network configuration:
/etc/rc.d/netif restart
/etc/rc.d/routing restart
Software installation
pkg update
pkg install -y open-vm-tools-nox11
pkg install -y isc-dhcp44-server
pkg install -y bind916
OS Tuning
Edit FILE $HOME/.profile
PS1="[${LOGNAME}@$(hostname)]$ "; export PS1
FILE /usr/local/etc/dhcpd.conf
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
default-lease-time 600;
max-lease-time 7200;
# Use this to enble / disable dynamic dns updates globally.
#ddns-update-style none;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
####################################################
# DC-MGMT subnet declaration
####################################################
subnet 192.168.4.0 netmask 255.255.255.0 {
range 192.168.4.148 192.168.4.198;
option routers 192.168.4.254;
option domain-name-servers 192.168.4.5;
option domain-search "home.uw.cz";
option broadcast-address 192.168.4.255;
}
####################################################
# CAMPUS subnet declaration
####################################################
subnet 192.168.5.0 netmask 255.255.255.0 {
range 192.168.5.100 192.168.5.199;
option routers 192.168.5.254;
option domain-name-servers 192.168.4.5;
option domain-search "home.uw.cz";
option broadcast-address 192.168.5.255;
}
####################################################
# HOME-AUTOMATION subnet declaration
####################################################
subnet 192.168.7.0 netmask 255.255.255.0 {
range 192.168.7.100 192.168.7.199;
option routers 192.168.7.254;
option domain-name-servers 192.168.4.5;
option domain-search "home.uw.cz";
option broadcast-address 192.168.7.255;
}
####################################################
# STATIC ASIGNMENTS
####################################################
host printer {
# MX350 - lan
# hardware ethernet 00:1e:8f:89:59:4e;
# wifi
# MX350 - wifi
# hardware ethernet 00:1e:8f:df:e0:f5;
# MB2750 - lan
# hardware ethernet f8:0d:60:24:ab:85;
# MB2750 - wifi
hardware ethernet 00:1e:8f:89:59:4e;
fixed-address 192.168.5.10;
}
hardware ethernet 00:C0:B7:CE:40:D9;
fixed-address 192.168.4.11;
option host-name "apc01";
option domain-name "home.uw.cz";
}
host apc02 {
hardware ethernet 00:C0:B7:60:D6:93;
fixed-address 192.168.4.12;
option host-name "apc02";
option domain-name "home.uw.cz";
}
FILE /usr/local/etc/namedb/named.conf
options {
// All file and path names are relative to the chroot directory,
// if any, and should be fully qualified.
directory "/usr/local/etc/namedb/working";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
allow-query { any; };
allow-transfer { any; };
// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
listen-on { 127.0.0.1; 192.168.4.5; };
// These zones are already covered by the empty zones listed below.
// If you remove the related empty zones below, comment these lines out.
disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
forwarders {
8.8.8.8; 8.8.4.4;
};
};
// The traditional root hints mechanism. Use this, OR the slave zones below.
zone "." { type hint; file "/usr/local/etc/namedb/named.root"; };
// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
zone "localhost" { type master; file "/usr/local/etc/namedb/master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
zone "0.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/localhost-reverse.db"; };
// "This" Network (RFCs 1912, 5735 and 6303)
zone "0.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Private Use Networks (RFCs 1918, 5735 and 6303)
zone "10.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Shared Address Space (RFC 6598)
zone "64.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "65.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "66.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "67.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "68.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "69.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "70.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "71.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "72.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "73.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "74.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "75.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "76.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "77.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "78.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "79.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "80.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "81.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "82.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "83.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "84.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "85.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "86.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "87.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "88.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "89.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "90.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "91.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "92.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "93.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "94.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "95.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "96.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "97.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "98.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "99.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "101.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "102.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "103.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "104.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "105.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "106.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "107.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "108.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "109.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "110.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "111.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "112.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "114.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "115.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "116.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "117.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "118.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "119.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "120.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "121.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "122.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "123.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "124.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "125.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "126.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "127.100.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Link-local/APIPA (RFCs 3927, 5735 and 6303)
zone "254.169.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IETF protocol assignments (RFCs 5735 and 5736)
zone "0.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
zone "2.0.192.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "100.51.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "113.0.203.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// Router Benchmark Testing (RFCs 2544 and 5735)
zone "18.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "19.198.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IANA Reserved - Old Class E Space (RFC 5735)
zone "240.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "241.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "242.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "243.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "244.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "245.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "246.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "247.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "248.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "249.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "250.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "251.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "252.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "253.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "254.in-addr.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Unassigned Addresses (RFC 4291)
zone "1.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "c.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "8.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "0.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "1.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "2.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "3.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "4.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "5.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "6.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "7.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 ULA (RFCs 4193 and 6303)
zone "c.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Link Local (RFCs 4291 and 6303)
zone "8.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "9.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "a.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "b.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
zone "c.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "d.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "e.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "f.e.f.ip6.arpa" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
// IP6.INT is Deprecated (RFC 4159)
zone "ip6.int" { type master; file "/usr/local/etc/namedb/master/empty.db"; };
zone "home.uw.cz" {
type master;
file "/usr/local/etc/namedb/master/home.uw.cz.db";
};
zone "robo-p6.uw.cz" {
type slave;
file "/usr/local/etc/namedb/slave/robo-p6.uw.cz.slave";
masters {
192.168.162.250;
};
notify yes;
};
FILE /usr/local/etc/namedb/master/home.uw.cz.db
$TTL 10800
home.uw.cz. IN SOA ns1.home.uw.cz. dpasek.home.uw.cz. (
2022011101 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
300 ; Negative Response TTL
)
; DNS Servers
IN NS ns1.home.uw.cz.
; MX Records
; IN MX 10 mx.example.org.
; IN MX 20 mail.example.org.
; Segment VLAN 4 - 192.168.4.0/24
is01 IN A 192.168.4.4
ns1 IN A 192.168.4.5
apc01 IN A 192.168.4.11
apc02 IN A 192.168.4.12
;ns2 IN A 192.168.4.20
nas-sata IN A 192.168.4.21
nas-ssd IN A 192.168.4.22
mwin01 IN A 192.168.4.23
mwin02 IN A 192.168.4.25
syslog IN A 192.168.4.51
vro IN A 192.168.4.53
vrepl IN A 192.168.4.54
backup IN A 192.168.4.55
temp-garage IN A 192.168.4.94
nsxm IN A 192.168.4.99
vc01 IN A 192.168.4.100
esx01 IN A 192.168.4.101
esx02 IN A 192.168.4.102
esx03 IN A 192.168.4.103
esx04 IN A 192.168.4.104
esx21 IN A 192.168.4.121
esx22 IN A 192.168.4.122
esx23 IN A 192.168.4.123
esx24 IN A 192.168.4.124
esx01-oob IN A 192.168.4.201
esx02-oob IN A 192.168.4.202
esx03-oob IN A 192.168.4.203
esx04-oob IN A 192.168.4.204
esx21-oob IN A 192.168.4.221
esx22-oob IN A 192.168.4.222
esx23-oob IN A 192.168.4.223
esx24-oob IN A 192.168.4.224
sw-dc-access IN A 192.168.4.253
sw-dc-core IN A 192.168.4.254
; Segment VLAN 5 - 192.168.5.0/24
printer IN A 192.168.5.10
; Segment VLAN 8 - 192.168.8.0/24
tdm IN A 192.168.8.1
vha IN A 192.168.8.2
shd IN A 192.168.8.3
; Segment VLAN 31 - 192.168.31.0/24
n-vc01 IN A 192.168.31.100
n-esx01 IN A 192.168.31.101
n-esx02 IN A 192.168.31.102
n-esx03 IN A 192.168.31.103
n-esx04 IN A 192.168.31.104
n-esx05 IN A 192.168.31.105
n-esx06 IN A 192.168.31.106
n-esx07 IN A 192.168.31.107
n-esx08 IN A 192.168.31.108
n-esx09 IN A 192.168.31.109
n-esx10 IN A 192.168.31.110
; Aliases
loginsight IN CNAME syslog.home.uw.cz.
FILE /usr/local/etc/namedb/master/p6.uw.cz.db
$TTL 86400
@ IN SOA ns1.p6.uw.cz. admin.p6.uw.cz. (
2024030902 ; Serial
3600 ; Refresh
1800 ; Retry
1209600 ; Expire
86400 ) ; Minimum TTL
IN NS ns1.p6.uw.cz.
gw1 IN A 10.160.4.254
ns1 IN A 10.160.4.254
mwin01 IN A 10.160.4.24
mlin01 IN A 10.160.4.26
nsxm IN A 10.160.4.99
vc01 IN A 10.160.4.100
esx11 IN A 10.160.4.111
esx12 IN A 10.160.4.112
esx13 IN A 10.160.4.113
esx14 IN A 10.160.4.114
Friday, July 2, 2021
Thursday, July 1, 2021
VMcrypt
Data At Rest Encryption with VM & vSAN Encryption
vSphere 6.5 - VM and vSAN Encryption FAQ
VMcrypt
https://wiki.eng.vmware.com/VMcrypt
VMcrypt technicke podrobnosti
https://wiki.eng.vmware.com/TechPubs/9595VMcryptDocPlan
oficialna dokumentacia k vSphere
Friday, June 25, 2021
likewise Active Directory - black list of domain controllers
1. Set the black listed DCs
/opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs ip1,ip2 Eg # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs 10.108.124.21,10.108.124.23
2. Restart the lwregistry.
# /opt/likewise/bin/lwsm restart lwreg
Wednesday, June 23, 2021
Meeting Minutes format
Dear Team,
Thank you for attending today’s regular bi-weekly call. As always, we really appreciate your update regarding the current status of all on-going activities connected with XXXXXXX.
Below you can find my very short meeting minutes:
Meeting: TBD
Recording: URL
Agenda / discussed topics:
- Topic 1: description
- Topic 2: description
Next steps / follow-ups:
- step1
- step2
- step3
Thank you and have a great evening!
Kind Regards,
Friday, June 4, 2021
Google Cloud : TerraForm
Google Terraform Provider initialization
file provider.tf
provider "google" {}
In shell, run:
terraform init
NOW YOU CAN WORK ON TERRAFORM LOGICAL SPECIFICATIONS.
SEE EXAMPLE BELOW IN THE BOTTOM OF PAGE.
Other commands ...
To rewrite the Terraform configuration files to a canonical format and style, run the following command:
terraform fmt
To initialize Terraform, run the following command
terraform init
To create an execution plan, run the following command:
terraform plan
To apply the desired changes, run the following command:
terraform apply
RESOURCE TEMPLATE
TerraForm Google RESOURCE TEMPLATE
# Create the mynetwork network
resource [RESOURCE_TYPE] "mynetwork" {
name = [RESOURCE_NAME]
#RESOURCE properties go here
}
DOCUMENTATION
Google Cloud TerraForm provider documentation
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Terraform Module variables
https://learn.hashicorp.com/tutorials/terraform/aws-variables
EXAMPLE OF GOOGLE INFRASTRUCTURE AS A CODE
mynetwork.tf
# Create the mynetwork network
resource "google_compute_network" "mynetwork" {
name = "mynetwork"
#RESOURCE properties go here
auto_create_subnetworks = "true"
}
# Add a firewall rule to allow HTTP, SSH, RDP and ICMP traffic on mynetwork
resource "google_compute_firewall" "mynetwork-allow-http-ssh-rdp-icmp" {
name = "mynetwork-allow-http-ssh-rdp-icmp"
#RESOURCE properties go here
network = google_compute_network.mynetwork.self_link
allow {
protocol = "tcp"
ports = ["22", "80", "3389"]
}
allow {
protocol = "icmp"
}
}
# Create the mynet-us-vm instance
module "mynet-us-vm" {
source = "./instance"
instance_name = "mynet-us-vm"
instance_zone = "us-central1-a"
instance_network = google_compute_network.mynetwork.self_link
}
# Create the mynet-eu-vm" instance
module "mynet-eu-vm" {
source = "./instance"
instance_name = "mynet-eu-vm"
instance_zone = "europe-west1-d"
instance_network = google_compute_network.mynetwork.self_link
}
instance/main.tf
variable "instance_name" {}
variable "instance_zone" {}
variable "instance_type" {
default = "n1-standard-1"
}
variable "instance_network" {}
resource "google_compute_instance" "vm_instance" {
name = "${var.instance_name}"
zone = "${var.instance_zone}"
machine_type = "${var.instance_type}"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
network = "${var.instance_network}"
access_config {
# Allocate a one-to-one NAT IP to the instance
}
}
}
Thursday, June 3, 2021
Google Cloud - how to get my IP address
Here is the command
curl -H "Metadata-Flavor: Google" http://169.254.169.254/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip && echo
Generate a CSEK key
AES-256 base-64 key.
Run the following command to create a key:
python3 -c 'import base64; import os; print(base64.encodebytes(os.urandom(32)))'
Wednesday, May 26, 2021
How to monitor / report UNMAP bandwidth for particular datastore
The following command brings the correct information by using UnmapBandwidthSpec instead of UnmapGranularity.
Get-Datastore LCD002_001 | % {$_.ExtensionData.Info.Vmfs.UnmapBandwidthSpec | Select Policy,FixedValue}
What are the available pciSlotNumbers for RHEL8 VMs?
Summary
What are the available pciSlotNumbers for RHEL8 VMs?
Cause
All normally created Virtual Machines with Virtual Hardware version 7 to 19 will have the same configuration:
pciBridge0: pciBridge, 1 function
pciBridge4: pcieRootPort, 8 functions
pciBridge5: pcieRootPort, 8 functions
pciBridge6: pcieRootPort, 8 functions
pciBridge7: pcieRootPort, 8 functions
VMs with this configuration can have up to 32 PCIe devices with the slot number sequence.
160, 192, 224, 256,
1184, 1216, 1248, 1280,
2208, 2240, 2272, 2304,
3232, 3264, 3296, 3328,
4256, 4288, 4320, 4352,
5280, 5312, 5344, 5376,
6304, 6336, 6368, 6400,
7328, 7360, 7392, 7424,
Resolution
It is possible to manually configure a VM to have a different pciBridge configuration, and therefore different pciSlotNumbers but this should only be performed in cooperation with VMware Engineering.
Saturday, May 15, 2021
AWS - deploy apache web server
#!/bin/bash
# Install Apache Web Server and PHP
yum install -y httpd mysql amazon-linux-extras install -y php7.2
chkconfig httpd on
service httpd start
Monday, May 10, 2021
How to create a file in unix like system?
How to create a file in unix like system?
# cat > text.txt << EOF This is the file. EOF
Monday, April 26, 2021
VMware Process for obtaining Internal Use Licenses from March, 2021
General Information:
· Greetings, if you need licenses for Internal use, there are two programs to be aware of as an alternative to licenses previously furnished on BuildWeb
that are approved by Legal and Compliance:
- For Internal licenses for individual use, I suggest that you apply for a set of individual licenses through the VMware Employee License program (vELP)
portal at https://velp.eng.vmware.com, that provides a set of over 40 uniquely assigned licenses for allowed internal uses, as explained on the Portal.
Over 2,100 employees already participate and have been assigned over 95,000 unique licenses.
- For Internal licenses for individual use that are not in the package that vELP Participants receive, or need special entitlements, you can apply for
Internal Use licenses through an application process. This same application process is followed if you need long-expiration licenses, such as for PM/PMM
or GSS Labs, or Permanent licenses for our Production Systems.
· To apply for an Internal use license for cases where the vELP Licenses are not appropriate for the reasons cited above, you:
- Fill out the form downloaded from https://onevmw.sharepoint.com/teams/WWSSO-License-Management-Info/Shared%20Documents/Forms/AllItems.aspx
The latest available License SKU guidance is always at
https://onevmw.sharepoint.com/teams/WWSSO-License-Management-Info/SitePages/WWSSO-License-Management-Guide.aspx
- Obtain your Manager’s approval
- Email both the form and your manager’s approval to wwbo-license-management@vmware.com ✉
There is no charge to your BU/Cost Center to participate in the vELP program or to request Internal use licenses.
Thank you,
Bob Slovick
Senior Program Manager - License Management
Worldwide Sales Strategy & Operations WWSSO - License Management (he/him/his)
VMware Inc - slovick@vmware.com Home Office-Colorado USA MDT/UTC -6 AD0HI
VCP #489 VCP 2-4 VCP-DCV 5-6
VMware Social Internal Evaluation License Support Space: https://social.vmware.com/spaces/18438/feed
The latest available License SKU guidance is always at https://onevmw.sharepoint.com/teams/WWSSO-License-Management-Info/SitePages/WWSSO-License-Management-Guide.aspx
The latest available License Request form is always at https://onevmw.sharepoint.com/teams/WWSSO-License-Management-Info/Shared%20Documents/Forms/AllItems.aspx
To escalate a request, please forward the case information and the reasons for the escalation to license-management-escalations@vmware.com
If you have a confidential license request, or information about licensing of a confidential nature, please email it to WWBO-License-Management-Confidential-Requests@vmware.com
VMware Employee License Program
#489 VCP 2-4 VCP-DCV 5-6
Subscribe to:
Comments (Atom)