Kubernetes, Nutanix, Virtualization

[Shorts] Connecting to Nutanix Karbon using Windows

Nutanix has released a product called “Karbon” which according to the website allows you to:

Get a production-ready Kubernetes Cluster up and running in 20 minutes.

Now, I’ll leave it up to the marketing people to verify if it takes 20 minutes or not. But once you have your cluster up and running, our developers assumed that anyone connecting to the Karbon cluster will use a Linux based operating system.

Since that isn’t the case for everyone, and I like to try other things, I wanted to see if I can connect to the Karbon cluster using Microsoft Windows as the operating system. This works fine, but there will be a couple of things you need to do.

First, log on to your Karbon cluster, select the cluster that you want to connect to, and from the “actions” menu at the top select the “SSH Access option”, which will give you a dialog window with a download link:

Screenshot 2019-08-07 at 15.19.08

Download the file in a location of your choice. Next, open the file, but open it in an editor that is capable of properly handling files created on Linux. This is important since there is a difference in the way a press of the “Enter” key is written in text files between the operating systems.

Once the file is opened, you will see two larger blocks of information. One part can be found in the “private_key” part of the file, and one in the “user_cert” part of the file. First off, select all of the lines after:

private_key='

So essentially you are copying everything from (and including):

-----BEGIN RSA PRIVATE KEY-----

down to (and including):

-----BEGIN RSA PRIVATE KEY-----

But make sure you do not include the single quote at the start and the end. Take this and save it as a new file, for example called “karbon-user”

Then, do the same thing for everything following:

user_cert='

And copy everything starting with “ssh-rsa-cert-v01” down to the last character of that long string, but do not include the final single quote. Save that as a file for example called  “karbon-user-cert.pub”

Next up, start PowerShell on your Windows system as an administrator and start the ssh-agent service:

Start-Service ssh-agent

And if you want to have it start automatically:

Set-Service ssh-agent -StartupType Automatic

Then add your users private key file that you save before:

ssh-add C:\Users\Bas\Downloads\karbon-user

Obviously replace the path above to the location on your system 😉

Next, the only thing you have to do is ssh into the IP address of your Karbon VM while passing the public key we also saved before:

ssh -i C:\Users\Bas\Downloads\karbon-user-cert.pub nutanix@192.168.0.5

Again, replace the path to the file, and replace the IP to your VMs IP. But once that is going, you can connect to your Karbon VMs and work with them without having to set up a Linux system. 🙂

Screenshot 2019-08-07 at 15.39.54

EMC, Symmetrix, V-MAX, vCenter Operations, Virtualization, VMware

Setting up the EMC Symmetrix adapter on the vCenter Operations Manager 5 vApp

I present a lot on vCenter Operations Manager, a pretty neat monitoring tool from VMware. I like this tool a lot, because getting started with it is easy enough, and you have a plethora of features once you dive deeper in to it, and the best part about it? If you use the “big” version, -Enterprise or Enterprise Plus that is-, you can even monitor your applications and non-virtualized infrastructure. To monitor your things that go beyond your virtual machines, you can install so called “adapters”. In a nutshell, such an adapter is nothing more than a piece of software that tells vCenter Operations how to connect to things, and how to interpret the results it gets back. Now, EMC has created such an adapter for their VMAX and Symmetrix storage arrays, and has created a document that tells you how to set up and configure the adapter. That way, you can get loads of information from your storage system inside of vCenter Operations. Great stuff, right? Original image from: http://my.opera.com/supergreatChandu8/albums/showpic.dml?album=5466862&picture=82475462Yeah ok, maybe not so great. The biggest problem, is that the documentation seems to have been created for the normal installable version of vCenter Operations. However, VMware has also created a version in the form of an appliance, a so called vApp. You download the files, deploy the vApp, enter the IP-addresses of both virtual machines that are contained in the vApp, and away you go. Wonderfully easy to install, and besides certain limits in scalability, it offers pretty much the same functionality as the normal installer. This is where the problem starts if you want to use the EMC Symmetrix adapter. You can find almost all adapters on the Integrien FTP site, and there’s a folder containing all the files you need to get started with the Symmetrix adapter right here. My teammate Matt Cowger actually wrote a nice blog post on how to configure and set up the Symmetrix adapter. This works like a charm, except for one tiny thing that you will run in to when using the vCenter Operations vApp. When you go to create an adapter instance, you need to give it a name, indicate if you want to auto discover everything, and you need to input a path to the “EMC Symmetrix Main Input Folder”. This is the folder where you actually archive all of the performance and configuration data from your storage system. The documentation tells you that this should be:

* If the main input folder is on a remote Windows machine, you must share the folder before you add the adapter instance. Do not map the main input folder. Windows services do not work with mapped drives. * If the main input folder is on a remote Linux machine, you must mount the folder to the Collector server before you add the adapter instance.

Problem being, that if you actually have your Solutions Enabler host running on Windows, you need to input a UNC path in the format of \\servername\sharename. But the problem here is that the virtual machines inside the vApp do not come with any access methods for Windows shares. You won’t find any tools like mount.cifs, smbclient or even have the option to specify smbfs as the type of file system to mount. And that means what? Well, you will have two options to overcome this situation. You can either install the Services for Unix/Services for NFS on your Windows host and set up an NFS share on your Windows machine. Or, you can migrate your Solutions Enabler host to a Linux machine and set up everything there. OK, so how do I configure this stuff under Linux? Glad you asked. You can follow some of the steps from the post that Matt created, but I’m going to write them down here anyway so you will have one page with all the steps you need. I’m going to assume that you have already set up your Linux machine, and that you have installed the Solutions Enabler package. Go in to the following file: /usr/emc/API/symapi/config and add these following lines at the end of the file, then make sure you save your changes (create a backup of the original, this is always a good idea):

storstpd:dmn_run_spa = disable
storstpd:dmn_run_smc = disable
storstpd:dmn_run_ttp = enable
storstpd:dmn_run_ttp_on_sp = disable
storstpd:dmn_run_rtc = disable
storstpd:ttp_collection_interval = 5
storstpd:ttp_rdflnk_metrics = enable
storstpd:ttp_se_tcp_metrics = enable
storstpd:ttp_se_nw_metrics = enable
storstpd:ttp_dev_metrics = disable
storstpd:ttp_disk_metrics = disable
storstpd:ttp_dgdev_metrics = enable
storstpd:ttp_se_tcp_metrics = enable
storstpd:ttp_se_nw_metrics = enable
storstpd:ttp_se_nwi_metrics = enable
storstpd:ttp_re_sg_metrics = enable
storstpd:ttp_re_nwc_metrics = enable
storstpd:ttp_rdflnk_metrics = enable
storstpd:ttp_se_tcp_metrics = enable
storstpd:ttp_se_nw_metrics = enable
storstpd:use_compression = enable

Next, restart the storstpd daemon:

/opt/emc/SYMCLI/bin/stordaemon shutdown storstpd /opt/emc/SYMCLI/bin/stordaemon start storstpd

Check if the daemon is up and running again by issuing the following command. The first line should show the Daemon State as “Running”:

/opt/emc/SYMCLI/bin/stordaemon show storstpd

Now, since the Analytics VM will be actually collecting the information from the adapter, it needs to be able to access the files from your Solutions Enabler host. Since the Analytics VM will be running the collection process as a user called “Admin”, we need to consider something. The admin user on the vCenter Operations appliance will be running with a user ID (UID) of 1000, and a group ID (GID) of 1003. That means that we should either install our Solutions Enabler using a user with the same user ID and group ID, or we need to map some things so that the admin user can actually access the files later on. In order to export the directory with the required files for the Symmetrix adapter, we will add the following line to /etc/exports: /usr/emc/API/symapi/stp *(rw,insecure,all_squash,anonuid=0,anongid=0) Obviously, this isn’t the best you can do from a security perspective, so feel free to change these options as needed for your environment, but basically what we are doing here is this:

  • The * just means that all IP-addresses have access. You can change this to for example the IP of the analytics VM.
  • RW means that the export is created with read and write access.
  • Insecure means that clients can use non-reserved ports.
  • All_squash means that all users get mapped to the anonymous user account
  • anonuid=0 means that the anonymous user ID will get mapped to the user ID 0. Be careful since this is the root account!
  • anonguid=0 means that the anonymous group ID will get mapped to the group ID 0. Again, this is the root group!

If you did install your Solutions Enabler as a different user, make sure that you map the anonuid and anonguid to the respective numerical IDs, to allow access to the files we are going to export. Now, we simply restart the NFS server, or have it re-read its config should it already be online, using:

/etc/init.d/nfsserver restart

or

exportfs –ra

We can check if the export is working, using the following command:

showmount –e localhost

Now, we create a scheduled job to archive the Solutions Enabler file. To do that, add the following line to your crontab: 2-57/5 * * * * /opt/emc/SYMCLI/bin/stordaemon action storstpd -cmd archive This will cause the job start at 2 minutes past the hour, and run in 5 minute intervals. Check under /usr/emc/API/symapi/stp/ttp, to see if you have a new directory. Normally the directory should be the serial number of your storage array, and contain compressed files inside of that directory that contain the information the Symmetrix adapter will need. Final thing to do right now, is log on to the analytics VM, and create a folder where we will mount the required files. For example create a directory called /media/VMAX. Once you have created the directory, edit /etc/fstab to contain the following line: 10.10.10.10: /usr/emc/API/symapi/stp /media/VMAX nfs rw,lock 0 0 Make sure you change the IP address to match that of your Solutions Enabler host, and then mount the directory using the following command:

mount /media/VMAX

If you don’t have a firewall blocking communication, you should now be able to traverse the subdirectories and access the files. Finally, you can now configure the adapter, and input the directory you just mounted as the “EMC Symmetrix Main Input Folder”. So, in the text field, simply enter the following as the path:

/media/VMAX/ttp

If you test the adapter now, you should see it come back successfully, and after giving it a bit of time, start working with the data you are now importing from your VMAX/Symmetrix system. 🙂

General

Something fun. The Linux alternative to Edgar Allan Poe’s “The Raven”

I was talking to some colleagues this morning and I mentioned a parody of Edgar Allan Poe’s poem “The Rave”. Since my colleagues didn’t know this poem existed, I figured there might be more people out there that are not aware of it, and I like what they did. So without any further ado I present to you:

The Penguin – by Rob Flynn and Jeramey Crawford

Once upon a term’nal dreary, while I hack’ed, weak and weary,
Over many a quaint and curious volume of forgotten code–
While I nodded, nearly napping, suddenly there came a beeping,
As of some one gently feeping, feeping using damn talk mode.
“‘Tis some hacker,” I muttered, “beeping using damn talk mode–
Only this. I hate talk mode.”

Ah, distinctly I remember it was in the bleak semester,
And college life wrought its terror as the school year became a bore.
Eagerly I wished for privledges;–higher access I sought to borrow
For my term’nal, unceasing sorrow–sorrow for a file called core–
For the rare and radiant files of .c the coders call the core–
Access Denied. Chown me more.

“Open Source,” did all mutter, when, with very little flirt and flutter,
In there stepped a stately Penguin of the saintly days of yore.
Quite a bit obese was he; having eaten lots of fish had he,
But, by deign of Finnish programmer, he sat in the middle of my floor–
Looking upon my dusty term’nal in the middle of my floor–
Came, and sat, and nothing more.

Then the tubby bird beguiling my sad code into shining,
By the free and open decorum of the message that it bore,
“Though thy term’nal be dusty and slow,” he said, “Linux be not craven!”
And thus I installed a new OS far from the proprietary shore–
The kernel code open but documentation lacking on this shore.
Quoth the Penguin, “pipe grep more!”

Much I marvelled this rotund fowl to hear discourse so plainly,
Though its answer little meaning–little relevancy bore;
For we cannot help believing that no living human being
Ever yet was blessed with seeing bird in the middle of his floor–
Bird or beast sitting in the middle of his cluttered floor,
With such instructions as “pipe grep more.”

But the Penguin, sitting lonely in that cluttered floor, spoke only
Those words, as if its soul in that instruction he did outpour.
Nothing more did he need utter; understood did I among that clutter–
Understood his command as I could scarcely do a few moments before–
I typed as furious as was willed me, understanding just a minute before.
Again the bird said “pipe grep more!”

“Amazing!” said I, “Penguin we will conquor the world if you will!
By the Network that interconnects us–by that Finn we both adore–
We’ll take this very world by storm!” For now grasped I what he’d meant,
The thing I do while searching
/usr/doc/* for that wond’rous lore–
Those compendiums of plaintext documentation and descriptive lore.
Quoth the Penguin, “pipe grep more!”

And the Penguin, never waddling, still is sitting, still is sitting
In the middle of my room and still very cluttered floor;
And his eyes have all the seeming of the free beer I am drinking
And the term’nal-light o’er him glowing throws his shadows on the floor;
And this OS from out the shadows that is pow’ring my term’nal on the floor
Shall be dominating–“Pipe grep more!”