
13.08.2008 16:14

VMware ESX August 12 bug - Survived!


Some of you may have already heard about the VMware ESX Server 3.5 Update 2 August 12 bug (lovingly called KB1006716 by VMware) which has hit thousands of data center farms around the world.
I don't want to complain about bugs in software because we all know that bugs in software do exist and that you can never be sure that there are no bugs, but this bug was a timebomb - which made it pretty hard to detect, even after testing.
In my special case, I had upgraded one of my ESX servers to U2 a while ago and it had been running very smoothly for more than one week (enough testing for me), so I upgraded the other ESX servers too, and all was fine.

Yesterday I received a call from a client who told me that he was unable to start his virtual machine. I suspected the new VI client had issues with the rights management for restricted users and tried to start it with my user, but still no dice.
I then looked at the logfiles and tried several things, and after about one hour of troubleshooting I googled for the error messages I got and was redirected to an unresponsive VMware KB article - well, that was the first indicator of something terrible. The site is still down (or at least _VERY_ slow, I've been waiting for about 5 minutes for it to load now) but fortunately the download of the patch itself was quite fast, so I'm currently upgrading one of my ESX servers to get it all back up and running.
What really bugs me is that you can't even migrate virtual machines away from one host to do the upgrade without downtime - due to this bug, VMotion only works when migrating the VMs off to unaffected hosts.
The good news is that I have one server in my farm that currently only hosts two productive machines (one webserver and one interface server) and neither is _REALLY_ important, so it's no big deal if they're down for a few minutes after 4pm, and that's where I'm currently at.
Server #4 is installing the patch through Update Manager and when it's back up, I can free all other servers of virtual machines and do the upgrade without any further downtime - so far the theory...

13.08.2008 11:18

Configuring my first Linksys SRW224G4 switch


Today I got my first Linksys SRW224G4 switch (I usually only work with Cisco, but the customer was looking for something cheaper, so I decided to go for Linksys, a Cisco division).
Alright, plug and play: the Cisco console cable doesn't work, so you have to use their serial console cable. Now you get greeted by an ugly interface that reminds me of the good old AS/400 times; log in there and see a somewhat crippled menu where you can only configure a few things, but definitely not everything this switch is capable of.
OK, I activated SSH, HTTPS and so on and tried to connect to the web interface with Firefox, just to find out that the SRW224G4 web GUI is broken for Gecko-based browsers.
Reading through the above-mentioned article was really helpful though, especially the comments, where someone said that hitting CTRL-Z when the menu appears gets you into an IOS shell, and yes, that works. After you get to the prompt, simply type "lcli", authenticate again et voilà, you're in. Damn this freaking web interface, no need for it anymore.

While I was playing around with the IOS interface I tried to do a firmware upgrade in parallel using IE7 and the web interface. After about 30 minutes of waiting for the firmware upgrade to complete, I cancelled it and tried the firmware upgrade from 1.2.1b to 1.2.2b on the CLI using the following commands:
# Save the old firmware
copy image tftp://192.168.0.199/ls-srw224g4-1.2.1b.fw

# Load the new firmware
copy tftp://192.168.0.199/ls_106-12216.ros image

# Reboot the switch
reload
This took about 5 minutes (including backup and reboot) and after the reboot the switch was working fine with 1.2.2b (even the ugly login prompt has changed to something more modern).

Unfortunately, the web interface now seems to be broken on IE7 as well (I can't even log in correctly), but I don't mind for now; maybe it's just IE7, or that I didn't allow the web interface to run and install the MSXML 5.0 ActiveX control (why the hell would a switch need to have such a control running on the client??).

Update: OK, the web interface works when you enable the HTTP server. I usually disable HTTP in favor of HTTPS, but I could reproducibly connect to the web server when HTTP is turned on (in IE7; Firefox is still broken) but I can _NOT_ connect when HTTP is off.

I tend to believe that the people who get fired at Cisco are picked up by Linksys. Good ideas sometimes, good prices, mostly good quality and functionality, but such annoyances might have been the reason why they got fired at Cisco.

08.08.2008 22:05

About online communities


You know what's going on in online communities. You join them, you want to be part of something really cool, you post a lot there, you try to help/contribute/troll/whatever and then you leave again because there's something you don't like or that doesn't get you any further (in my case, it's mostly the stupid people in these so-called communities without any kind of social skills).

Some weeks ago I was searching for the answer to a really tough driver problem on Vista (it finally turned out to be a hardware issue) and again stumbled upon http://www.experts-exchange.com (you know, that's always the first Google search result, with exactly the same question you have, and you can't see the answer without paying for it).

I was --||-- <- this far away from registering an account with them until I read the FAQ and Terms of Use there, just to find out that you can get full premium access for free (OK, for zero money, but not for doing nothing).

Sign up as an expert, answer some questions, get good grades on your answers and once you've earned 10,000 points (about 5 perfectly answered questions), you're part of the community (to keep your status, earn 3,000 points each month, with a one month grace period).

OK, I signed up and started answering posts (to be able to finally see the answer to the question I was looking for). 3 days later, when I felt the need for a glass of water and my bladder was so full that I was hardly able to get to the toilet in time, I had already earned a few ten thousand points and was climbing up the top 10 ranks in all my favourite zones. I forgot about my original question and was heading for the free T-shirt you get when you earn your first certificate (50,000 points in a single zone).
About two weeks later, the T-shirt was on the way and another two weeks later I held it in my hands.

EE is not really a community if you're just answering or asking questions and don't talk to the others, but if you do, you'll find real experts in all major tech zones and you'll definitely find answers to most of your tech-related questions, so I can really only recommend this platform. The next really good thing is that you try to answer questions as fast as possible because someone else could "steal" _YOUR_ points, so you can really test your knowledge or fast-solving skills. In the few weeks I've now been part of this community I've learned loads of stuff I didn't know before just by trying to help other people (of course, I've never asked a question so far, I'm much too proud to ask for help...).

But that's not all: probably the greatest benefit of having joined EE so far is that I have already earned (and will continue to earn) quite a nice amount of €€ because people asked me to help them with other projects and wanted to pay for this help :)

Oh, and of course, here's my cert:
Experts Exchange Linux Master Certificate

08.08.2008 21:37

Setting up a basic Bind DNS configuration for small networks


If you ever need to set up a Bind DNS server for a small network using one internal domain and you are using such stone-age distributions like CentOS or similar crap that doesn't install example configuration files, you will probably need to look up the syntax for the zone and configuration files (I always need to do that and it just takes time).

So, here's a working copy-paste-forget setup:

Prerequisites
  • I'm assuming that the directory "/etc/bind" exists...
  • ... and that this directory is writable by the named user (if you want automatic updates to your zones)
  • you do _NOT_ want to use your provider's DNS servers as forwarders
  • your local network is 192.168.0.0/24, your gateway is .254 and your DNS server is .1
  • Replace all occurrences of HOSTNAME in the files below with the hostname of your DNS server
  • Replace all occurrences of YOURDOMAIN in the files below with your local domain name
  • all the files mentioned below need to be put into the /etc/bind directory.
  • If the DHCP server is not under your control (or is something that doesn't support dynamic DNS updates), you have configured your clients to register with the DNS server properly (you might need to tick the checkbox "Include domain name on updates" on XP clients)
  • you know that in the above-mentioned case anyone can update your DNS server, which, depending on your network, is probably insecure

/etc/bind/named.conf
include "/etc/bind/named.conf.options";

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

/etc/bind/named.conf.options
options {
        // On CentOS and other distributions you might need to change this
        // directory
        directory "/var/cache/bind";

        // ****** Enable this section if you want to use your provider DNS *****
        // forwarders {
        //      0.0.0.0;
        // };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

/etc/bind/named.conf.local
zone "YOURDOMAIN.local" IN {
  type master;

  // ***** Enable this option if you don't have access to the DHCP *****
  // ***** server on your network (e.g. if your firewall does DHCP *****
  // allow-update { any; };

  file "/etc/bind/db.YOURDOMAIN.local";
};

zone "0.168.192.in-addr.arpa" IN {
  type master;

  // ***** Enable this option if you don't have access to the DHCP *****
  // ***** server on your network (e.g. if your firewall does DHCP *****
  // allow-update { any; };

  file "/etc/bind/db.0.168.192";
};

/etc/bind/db.0
;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

/etc/bind/db.127
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
1.0.0   IN      PTR     localhost.

/etc/bind/db.255
;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.

/etc/bind/db.local
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1

/etc/bind/db.root
; <<>> DiG 9.2.3 <<>> ns . @a.root-servers.net.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18944
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       198.32.64.12
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33

/etc/bind/db.YOURDOMAIN.local
;/etc/bind/db.YOURDOMAIN.local
$TTL 1D
@               IN      SOA     HOSTNAME.YOURDOMAIN.local. hostmaster.HOSTNAME.YOURDOMAIN.local. (
                                1       ; Serial
                                8H      ; Refresh 8 Hours
                                2H      ; Retry 2 hours
                                1W      ; expiry 1 week
                                1D      ; minimum 1 day
                )

                IN      NS      HOSTNAME.YOURDOMAIN.local.
                IN      A       192.168.0.1

localhost       IN      A       127.0.0.1
HOSTNAME        IN      A       192.168.0.1
gateway         IN      A       192.168.0.254

/etc/bind/db.0.168.192
$TTL 1D
@       IN      SOA     HOSTNAME.YOURDOMAIN.local.   hostmaster.HOSTNAME.YOURDOMAIN.local. (
                        1       ; Serial
                        8H      ; Refresh 8 hours
                        2H      ; Retry 2 hours
                        1W      ; expiry 1 week
                        1D      ; minimum 1 day
        )
        IN      NS      HOSTNAME.YOURDOMAIN.local.
        IN      A       192.168.0.1

1       IN      PTR     HOSTNAME.YOURDOMAIN.local.
254     IN      PTR     gateway.YOURDOMAIN.local.
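
Added here as a worked check for the zone files above (example code, not part of the post's own setup): it parses forward and reverse zone files in the format shown, reports addresses whose A and PTR records disagree, and flags zones whose uncommented allow-update { any; } is the insecure case the prerequisites warn about. The names ns1 and example.local and the printer/ghost records are constructed samples standing in for HOSTNAME and YOURDOMAIN.

```python
import ipaddress
import re
# Constructed samples modelled on the post's db.YOURDOMAIN.local, db.0.168.192 and
# named.conf.local, with HOSTNAME=ns1 and YOURDOMAIN=example (both hypothetical).
FORWARD = """$TTL 1D
@       IN  SOA ns1.example.local. hostmaster.ns1.example.local. (
            1 8H 2H 1W 1D )     ; serial and timers
        IN  A   192.168.0.1
ns1     IN  A   192.168.0.1
gateway IN  A   192.168.0.254
printer IN  A   192.168.0.20    ; constructed: has no PTR
"""
REVERSE = """$TTL 1D
@       IN  SOA ns1.example.local. hostmaster.ns1.example.local. ( 1 8H 2H 1W 1D )
1       IN  PTR ns1.example.local.
254     IN  PTR gateway.example.local.
42      IN  PTR ghost.example.local.   ; constructed: no matching A record
"""
NAMED_CONF_LOCAL = 'zone "example.local" IN { type master; allow-update { any; }; };\n'

def parse_zone(text, origin):
    """Yield (owner, type, rdata) tuples with owners fully qualified under `origin`."""
    body = re.sub(r";[^\n]*", "", text)                          # strip ; comments
    body = re.sub(r"\([^)]*\)", lambda m: m.group(0).replace("\n", " "), body)  # join ( ... )
    owner = origin
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):              # blank line or $TTL directive
            continue
        if not line[0].isspace():                                # leading name: new owner
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        fields = fields[1:] if fields[0] == "IN" else fields     # optional class field
        yield owner, fields[0], " ".join(fields[1:])

def check_reverse_consistency(fwd_text, rev_text, fwd_origin, network):
    """Report IPs in `network` whose A records and PTR record do not agree."""
    net = ipaddress.ip_network(network)
    net_labels = str(net.network_address).split(".")[: net.prefixlen // 8]
    rev_origin = ".".join(reversed(net_labels)) + ".in-addr.arpa."
    a_recs = [(d, o) for o, t, d in parse_zone(fwd_text, fwd_origin)
              if t == "A" and ipaddress.ip_address(d) in net]
    a_names = {ip: {o for i, o in a_recs if i == ip} for ip, _ in a_recs}
    # PTR owner '1.0.168.192.in-addr.arpa.' -> host labels reversed, appended to the network
    ptr = {".".join(net_labels + o[: -len(rev_origin) - 1].split(".")[::-1]): d
           for o, t, d in parse_zone(rev_text, rev_origin) if t == "PTR"}
    issues = []
    for ip in sorted(set(a_names) | set(ptr), key=ipaddress.ip_address):
        names, target = a_names.get(ip), ptr.get(ip)
        if target is None:
            issues.append(f"{ip}: A record(s) {sorted(names)} but no PTR")
        elif names is None:
            issues.append(f"{ip}: PTR -> {target} but no A record")
    return issues

def open_update_zones(named_conf):
    """Zones with a live (uncommented) allow-update { any; }: the post's caveat. Regex only."""
    text = re.sub(r"(//|#)[^\n]*|/\*.*?\*/", "", named_conf, flags=re.S)
    return re.findall(r'zone\s+"([^"]+)"[^{]*\{[^}]*?allow-update\s*\{\s*any\s*;\s*\}', text)
```

Running the two checks after every edit of the zone files (and before reloading named) catches the stale-PTR and open-update mistakes that BIND itself will happily load.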

08.08.2008 21:07

New VPN client versions available for download


You can now download the latest and greatest Cisco VPN clients from http://projects.tuxx-home.at.

I updated all of them yesterday and the AnyConnect client will follow soon.
The latest Linux client (4.8.02) seems to work well enough with Linux kernel 2.6.26+ (although I haven't tested it myself, I read some user comments about it on http://forum.tuxx-home.at).

08.08.2008 21:04

First official LXTC release in a few weeks


I'm working hard to finally release LXTC to the public (the internal version number for the next version is 1.9, but it's still beta), so when it becomes available, I'll release it on http://lxtc.tuxx-home.at.
Thanks for all your questions about this software!

08.08.2008 20:59

My first (real) Bootcamp installation


A few months without updates here, but that'll change now :) I'm going to write down what really bugged me over the last few weeks - at least the stuff I can still remember.

Yesterday I had to do my first (real) bootcamp installation.
Of course, as always, I didn't read the documentation and I thought it would be more complicated than it actually was.
I guess my biggest mistake was that I assumed that this whole Bootcamp stuff is really cool (well, it has to be, hey, it's from Apple!!11).
After starting the Bootcamp wizard I created a Windows partition and afterwards I put in the Windows CD. After the reboot, it started to install everything, and when it first prompted me for the destination partition during Windows setup, I realized that Bootcamp doesn't do what I expected from it (I thought it would create a pre-defined answer file for the Windows installation and do everything automatically).
OK, I then noticed that the partition Bootcamp created was FAT32 (!!); hey, that's not really the best platform to run XP on. At this point in time I wasn't fully convinced that Bootcamp is crap, so I thought "There must be some really important and cool files on the pre-created FAT32 volume", but I still wanted to use NTFS for my Windows installation. So I decided to convert the existing volume in the XP installer. Bad idea. After the reboot, I got a "No media found" prompt when the system tried to boot from the disk.

I read somewhere that Bootcamp 1.3 was FAT32 only, but I had 2.1 installed, so I opted for more. I did a complete reset of this mess and started over, just to find out that even leaving the FAT32 partition in place (I wanted to convert it later on) didn't work. Still: "No media found".
OK, so there's definitely something wrong with the boot record on this partition, and Bootcamp is just an Apple wizard for "Create a partition and label it Bootcamp", but as you can't label a partition, you need to create a filesystem on top of it, and as MacOSX still isn't able to handle NTFS properly out of the box, it created a FAT32 disk (I don't know what it would have done if I had increased the partition size beyond Windows' FAT32 limit).
To keep things short: what finally worked was to let the Windows installer reformat the already created partition with NTFS so that the boot record gets created properly.
To make this partition "visible" to MacOSX I had to manually label it "BOOTCAMP", and that's all it took to make this work.