Poor Man’s vCPU & vRAM Right Size Recommendation Tool

VMware vCenter Operations Management Suite can be expensive. If you are like me and there is no budget for vCOPs, this script will give you a vCPU & vRAM recommendations based off of past virtual machine usage. The following script will connect to your vCenter, grab historical performance data and provide recommendations that were designed around two vKernel whitepapers. The following whitepapers are:

 

The script is simple to use only requiring the vCenter parameter to start with all defaults:

PoorMansRecommendations.ps1 -vCenter site1.local.domain

 

Specifies additional authentication information. Grabbing 60 days of past performance instead of the default 30 days:

PoorManRecommendations.ps1 -vCenter site1.local.domain -Username fred -Password root -PastDays 60

 

Specifies more samples for accuracy and using a larger ‘building block’ for memory recommendations:

PoorMansRecommendations.ps1 -vCenter site1.local.domain -PastDays 60 -MaxSamples 25000 -MemoryBuildingBlockMB 1024

 

When running the script interactively, a progress bar be displayed as it calculates recommendations per virtual machine:
Poor Man's Right Sizing

The results:

Poor Man's Recommendations Results

This should only be used as a guidance, point of reference, a conversation point or just a rough estimate. Each environment and workload characteristics are unique, please use your logic along with this data to come to a solution that is right for your environment.

Download the script: PoorMansRecommendations.ps1

Thanks for looking. Please leave any questions or comments below and have a great day!

Tagged , , , , , , ,

Oracle Database Queries in PowerShell, Script Examples

Below are some code examples to help get your data out of an Oracle database into a PowerShell object quickly! The logic to manipulate data is the same regardless of vendor: load any required libraries, define the connection string, setup the connection object, use that connection object for subsequent queries and finally close the connection.

Oracle Data Access Components (ODAC) allows you to run an Oracle complied binary within the .NET framework including PowerShell. When you are working with Oracle queries in PowerShell, it is required to download and install the Oracle Data Access Components prior to accessing a database. Download the components here, bit.ly/1t2W790. Select the appropriate architecture (x86/x86-64) and ensure the correct PowerShell program architecture is being executed with the corresponding Oracle component’s architecture. Failure to do so will lead to binary related errors while loading the assembly in PowerShell.

Load the System.Data.OracleClient Assembly:

### try to load assembly, fail otherwise ###
$Assembly = [System.Reflection.Assembly]::LoadWithPartialName("System.Data.OracleClient")

if ( $Assembly ) {
    Write-Host "System.Data.OracleClient Loaded!"
}
else {
    Write-Host "System.Data.OracleClient could not be loaded! Exiting..."
    Exit 1
}

Setup the connection string and open a database connection:

### connection string ###
$OracleConnectionString = "SERVER=(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracledb.domain.com)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=oracledb.domain.com)));uid=user;pwd=password;"

### open up oracle connection to database ###
$OracleConnection = New-Object System.Data.OracleClient.OracleConnection($OracleConnectionString);
$OracleConnection.Open()

Stored procedure example with parameters example:

try {

    ### create object ###
    $GetHostIDCommand = New-Object System.Data.OracleClient.OracleCommand;
    $GetHostIDCommand.Connection = $OracleConnection
    $GetHostIDCommand.CommandText = "GET_HOST_ID"
    $GetHostIDCommand.CommandType = [System.Data.CommandType]::StoredProcedure

    ### add storeprocedure paramaters ###
    $GetHostIDCommand.Parameters.Add("p_hostname", [System.Data.OracleClient.OracleType]::VarChar).Value = $Computer.ToUpper();
    $GetHostIDCommand.Parameters.Add("p_host_id", [System.Data.OracleClient.OracleType]::Number).Direction = [System.Data.ParameterDirection]::Output

    ### execute storedprocedure ###
    $GetHostIDCommand.ExecuteNonQuery() | Out-Null

    ### get the data from output defined by the storedprocedure ###
    $HostID = $GetHostIDCommand.Parameters["p_host_id"].Value

    ### dispose of object ###
    $GetHostIDCommand.Dispose()

}
catch { Write-Host "$Computer : Failed to GET_HOST_ID" }

SQL select query text example:

try {

    ### sql query command ###
    $OracleSQLQuery = "SELECT * FROM HOSTS"

    ### create object ###
    $SelectCommand = New-Object System.Data.OracleClient.OracleCommand;
    $SelectCommand.Connection = $OracleConnection
    $SelectCommand.CommandText = $OracleSQLQuery
    $SelectCommand.CommandType = [System.Data.CommandType]::Text

    ### create datatable and load results into datatable ###
    $SelectDataTable = New-Object System.Data.DataTable
    $SelectDataTable.Load($SelectCommand.ExecuteReader())

}
catch {

    Write-Host "Error while retrieving data!"

}

SQL update command text example:
(same would be for an insert command with no expected output)

try {

    ### sql update command query ###
    $HostUpdateHostSQL = "UPDATE HOSTS h SET h.PHYSICAL = '$(Convert-Boolean($HW_PHYSICAL))' WHERE h.ID = '$HostID'"

    $HostUpdateCommand = New-Object System.Data.OracleClient.OracleCommand;
    $HostUpdateCommand.Connection = $OracleConnection
    $HostUpdateCommand.CommandType = [System.Data.CommandType]::Text
    $HostUpdateCommand.CommandText = $HostUpdateHostSQL

    ### execute update command query ###
    $HostUpdateCommand.ExecuteNonQuery() | Out-Null

}
catch {

    ### output exception to screen ###
    Write-Host "$Hostname : ERROR! $HostUpdateHostSQL"
    Write-Host "Dump : $($_.Exception.ToString())"

}
### dispose regardless ###
finally { $HostUpdateCommand.Dispose() }
Tagged , , , , ,

Raspberry Pi, Edimax Wifi, DYMO Printer VMUG Check-in Process Tutorial

This article is out-of-date. It should only be used for historical reference. A new article will be published to reflect the updated code located at https://github.com/tkrn/pivmugc

Project Summary

At the Cleveland VMUG events we will be using a new check-in system. The system consists of a Raspberry Pi, Edimax Wifi adapter and a DYMO thermal label printer to perform wireless iPad check-ins. The setup will sign-in preregistered individuals and capture data from walk-on attendees. Finally, producing a name tag label which is printed wireless to the DYMO LabelWriter 330. This is how it was accomplished!

Videos

 

Hardware Layout

Pi-DYMO

The diagram is simple and straight forward but to give you a visual how things are related.

Prerequisites

Most important some sort of already existing Linux knowledge is highly recommended! This (updating + installing) will require a great amount of time since the Rasberry Pi’s processor is low in computational power and low IO through output since the Secure Digital memory card is generally slow. I started with a fresh image of Raspbian. At the time of writing, this tutorial is using version, 2014-09-09-wheezy-raspbian.

Let’s start by installing all the prerequisites libraries and binaries. Please complete the apt-get commands in order to prevent php5 installing apache2 since we are leveraging lighttpd.

sudo apt-get update -y
sudo apt-get install dnsmasq lighttpd cups libcups2 libcups2-dev libcupsimage2 libcupsimage2-dev build-essential g++ p7zip-full -y
sudo apt-get install php5-common php5-cgi php5-sqlite php5 -y

CUPS Installation & DYMO Driver

If you are using the pi user, add the pi user to the lpadmin (CUPS Admin) group:

sudo usermod -a -G lpadmin pi

After the installation of CUPS we will need to modify the following sections in /etc/cups/cupsd.conf to look like the following below. This will allow remote access to the CUPS Administration page and the CUPS web server will operate on all interfaces not just the localhost.

# Allow remote access
Port 631
Listen /var/run/cups/cups.sock

...

# Restrict access to the server...
<Location />
  # Allow remote access...
  Order allow,deny
  Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
  Allow all
</Location>

Here we will download the Dymo CUPS drivers and compile them on the Raspberry Pi. Again, this step will take a little bit of time to complete.

cd ~
wget http://download.dymo.com/Software/Linux/dymo-cups-drivers-1.4.0.tar.gz
tar -xzvf dymo-cups-drivers-1.4.0.tar.gz
cd dymo-cups-drivers-1.4.0.5/
sudo ./configure
sudo make
sudo make install

After these changes have been made to /etc/cups/cupsd.conf, cycling the service is required and to ensure the new Dymo driver is found.

sudo service cups restart

Proceed over to the CUPS web interface to setup the Dymo printer at https://host:631/admin

Once you get to the login page and you are authenticated, proceed to add a printer by selecting Add Printer under the Administration tab.
Dymo LabelWriter 330 CUPS Setup - Step Start

Select your DYMO LabelWriter printer and press Continue.
Dymo LabelWriter 330 CUPS Setup - Step 1

Specify a Name for your printer, I’de recommend keeping it short in name.
Dymo LabelWriter 330 CUPS Setup - Step 2

Select the Model of the printer or choose the PPD file from compiling if it was not automatically detected. Press Add Printer!
Dymo LabelWriter 330 CUPS Setup - Step 3

After the printer is added, ensure the proper defaults are set for the printer such as Print Quality, Print Density and Media Size by going to Set Default Options under the Administration tab.
Dymo LabelWriter 330 CUPS Setup - Step 4

Finally, ensure the DYMO LabelWriter is set to the System Default printer which is located in the dropdown menu of the printer under the Printers tab.
Dymo LabelWriter 330 CUPS Setup - Step 6

lighttpd Setup

Add the pi user to the www-data group so that the default lightttp path can be written to by the pi user:

sudo chown www-data:www-data /var/www
sudo chmod 775 /var/www
sudo usermod -a -G www-data pi

To enable the server to handle php scripts the fastcgi-php module should be enabled and lighttpd reloaded:

sudo lighty-enable-mod fastcgi-php
sudo service lighttpd force-reload

wlan0 Setup

During this section, we will give wlan0 a static ip address and ensure the interface is brought up at boot. Note this section and the dnsmasq sections are almost verbatim taken from, http://ariandy1.wordpress.com/2013/04/07/setting-up-wifi-access-point-with-edimax-ew-7811un-on-raspberry-pi/. These sections are placed here for linear order of operations and recap the article link above.

Edit /etc/network/interfaces, remove anything related to wlan0 then add this lines:

iface wlan0 inet static
address 10.0.0.1
network 10.0.0.0
netmask 255.255.255.0
broadcast 10.0.0.255

To make sure, add ifup wlan0 inside /etc/rc.local file before exit 0 so it will look like this:

...
ifup wlan0
exit 0

dnsmasq Setup

Stop dnsmasq before working on it:

sudo service dnsmasq stop
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo touch /etc/dnsmasq.conf

Edit the newly create /etc/dnsmasq.conf and make it reflect the following contents:

interface=wlan0
expand-hosts
domain=local
dhcp-range=10.0.0.10,10.0.0.50,24h
dhcp-option=6,10.0.0.1

Add the following to the /etc/hosts file to reflect the hostname of the Raspberry Pi for easy typing in the tablet web browser:

10.0.0.1        checkin checkin.local

hostapd Setup

The EW-7811Un features a Realtek RTL8192C depending on the revision. Since it uses a Realtek chipset you must use the Realtek’s version of hostapd. The majority of this following section was taken from, http://jenssegers.be/blog/43/Realtek-RTL8188-based-access-point-on-Raspberry-Pi. Proper credits goes to the author.

cd ~
wget https://github.com/jenssegers/RTL8188-hostapd/archive/v1.1.tar.gz
tar -zxvf v1.1.tar.gz
cd RTL8188-hostapd-1.1/hostapd
sudo make
sudo make install

Create the following file /etc/hostapd/hostapd.conf and tailor the following setting:

# Basic configuration
interface=wlan0
ssid=VMUGCheckin
channel=3

# WPA and WPA2 configuration
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# Hardware configuration
driver=rtl871xdrv
ieee80211n=1
hw_mode=g
device_name=RTL8192CU
manufacturer=Realtek

Edit the following file to point to the newly created conf file above. Open up /etc/default/hostapd and make it reflect the following:

DAEMON_CONF="/etc/hostapd/hostapd.conf"

Enable the access point by restarting the hostapd service after all the changes:

sudo service hostapd restart

PHP Application

After everything, download the PHP binary bits included and extract everything to /var/www and follow the directions included in the 7z archive or download the complete Raspberry Pi below which includes all the work above including the application.

Download and extract the 7z archive:

wget <oldurl>
7z x -y -o/var/www VMUGWirelessCheckin_v103.7z

Ensure correct permissions:

sudo chown www-data:www-data /var/www/ -R
sudo find /var/www/ -type d -exec chmod 755 {} ;
sudo find /var/www/ -type f -exec chmod 644 {} ;
sudo chmod 664 /var/www/Checkin.*

For good house keeping delete the old landing page:

sudo rm -f /var/www/index.lighttpd.html

Be sure to set 664 Unix permissions on the *.db (SQLite database) and modify variables as needed in settings.php. Replace the background.png and logo.png under the images directory.

You should now be complete!

Application links are http://<host>/admin.php for the Administrative Functions page and http://<host>/reprint.php for the Reprint Page.

Summary

This give you everything you need to setup the hardware portion of this project. The software portion is simple, extract and deploy. Please post any questions or comments below.

Download / Git Repository

The Git repository for this project can be found here at GitHub, https://github.com/tkrn/pivmugc for the latest version.

Tagged , , , , , , , , , , , , , ,

Amazon AWS Route 53 DNS Review

Amazon, Google, YouTube and Facebook have scaled their websites and networks better than anyone in the world. Amazon has a hosted DNS product offering which is priced by the number of queries. Amazon’s DNS records are replicated globally and domain name servers reflect a global presence.

The numbers really speak for them selves and these are the cold hard facts. I will describe the three test scenarios which are:

  1. Response query time with records hosted on the hosting provider DNS servers
  2. Response query time with records hosted on the domain registrar’s DNS servers
  3. Response query time with records hosted on the Amazon AWS Route 53 DNS servers

Check out the data your self! Does it really require further explanation? If so, drop a comment.

1

Hosting Provider DNS Response Report

2

NameCheap DNS Response Report

3

Amazon AWS Route 53 DNS Response Report

VMware STS Clients Failed SSL Certificate of STS Service Cannot Be Verified

“Initialization of STS Clients failed. Root Cause: The SSL certificate of STS service cannot be verified” is an error which put a delay in deployment of the vShield Manager.

VMware STS Clients Failed Error

During the configuration of the Lookup Service Information, we encountered this particular error. It important to understand how the environment was designed when we hit this error and why it didn’t seem to make sense at first .

There are two sites, Site A and Site B, in a hybrid vCenter 5.1 configuration running vCenter 5.5 Single Sign-On and Web Client on their own dedicated virtual machines, SSO1 and SSO2. vCenter 5.5 Single Sign-On and the Web Client both reside on the same server, one in each site. There are a total of 5 vCenter Servers that are at 5.1 U1/U2 versions. Each vCenter is pointed at their corresponding site/geographic regions’ vCenter 5.5 Single Sign-On and Web Client server.

VMware Single Sign-On SSO Architecture

This model is fully supported by VMware per KB2059249 and has proven to be an ideal deployment model in the vCenter 5.1 product family than the initial release of Single Sign-On 5.1.

The vShield Manager was deployed at Site B and we used Site B’s SSO and Web Server address when configuring the Lookup Service. After research, internet forums indicated that the certificate of the SSO server, chain and root certificates needed to be bundled into a single certificate and installed on the STS server. This did not make sense since no certificates were manually generated for use by the SSO servers. All SSO certificates were generated during installation and we’re self signed by the VMware SSO installer.

VMware STS Clients Failed Error

While working with a co-worker to troubleshoot the issue above, it occurred to me to list all services that the SSO server see’s to determine what STS service that the SSO server was using. After issuing the following command on the SSO server:

ssolscli listServices https://cgvccore2.fqdn:7444/lookupservice/sdk

Output:

VMware STS Clients Failed Error Proof

The urn:sso:sts service was listed with Site A’s registered URL! It completely slipped my mind that there was only one STS server listed in any SSO instance. We updated the Lookup Service Information Host URL and the “Initialization of STS Clients failed. Root Cause: The SSL certificate of STS service cannot be verified” issue was resolved!

VMware STS Clients Failed Error Resolved

Note: This is single point of failure, it would be best to load balance the STS service. There are articles to update where the STS service is pointing to the event of a failure if a load balance model is not implemented initially.

Tagged , , , , , ,

EMC PowerPath Internal Error Migrations May Be Pending Fix

A host side migration between arrays can be a nerve racking task especially when you come across issues. Data loss is a constant fear in the back of your mind and what is your fail-back plan should you need to execute it. During a PowerPath migration, I learned the hard way that a host side copy of the boot-from-san lun is NOT supported. After setting up the migration and upon the sync command the Windows machine froze to a halt until it went offline.

After troubleshooting it was clear that the EMC PowerPath Migration Enabler Service needed to be disabled for the Windows machine to fully boot. After enabling EMC PowerPath Migration Enabler after the host was booted would immediately cause the Windows host to go unresponsive and hard power cycle was the only fix.

I could not start the PowerPath Migration Enabler service to abort the session since it would immediately freeze the server and secondly I was unable to uninstall PowerPath Migration Enabler since there was a session pending. I was in a pickle!

EMC PowerPath PPME Removal Migration Pending

After a support ticket with EMC, the resolution requires you to manually remove the PowerPath Migration Enabler database and keys within the registry. After preforming a few deletions then you will be able to star the service successfully without freezing your server and with no active sessions going.

  1. Delete the UMD by deleting the files from C:\Program Files\EMC\PPME\db*.* 
  2. Delete the all subkeys with Prefix “dm_” EXCEPT for dev_conf under, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\EmcPowerPath\KMD_*.
    The Keys would be dm_ac, dm_control_io_to_clones, dm_funnel_io, dm_wc.EMC PowerPath PPME Removal Migration Pending_Registry
  3. Reboot.

 

Tagged , , , ,

YaBB SE 1.5.5 MySQL Unknown Column Fix

For retro purposes, I wanted to make an old instance of YaBB SE 1.5.4 a read-only version to look back with friends to get some kicks and laughs. I first upgraded from YaBB SE 1.5.4 to YaBB SE 1.5.5c. This was a small project try bring this up on a modern operating system, primarily around the MySQL versioning. First I had to stand up a temporary virtual machine running CentOS 4.5 Linux. Followed by that, I was able to successfully to restore the backups that I had to the virtual machine as it was in the early 2000’s. An issue occurred when trying to run MySQL 4.x queries on a MySQL 5.x version. PHP did not pose the problem even though all functions within YaBB SE were built for the 4.x version of PHP. Below are my findings to get the MySQL SQL 4.x queries to work properly on MySQL 5.x instance. Please refer to the line number for the corresponding files.

Error:
Unknown column ‘m.ID_MEMBER’ in ‘on clause’
File: /home/www/Sources/MessageIndex.php
Line: 269

Original Code:

$result = mysql_query("
			SELECT t.ID_LAST_MSG, t.ID_TOPIC, t.numReplies, t.locked, m.posterName, m.ID_MEMBER, IFNULL(mem.realName, m.posterName) AS posterDisplayName, t.numViews, m.posterTime, m.modifiedTime, t.ID_FIRST_MSG, t.isSticky, t.ID_POLL, m2.posterName as mname, m2.ID_MEMBER as mid, IFNULL(mem2.realName, m2.posterName) AS firstPosterDisplayName, m2.subject as msub, m2.icon as micon, IFNULL(lt.logTime, 0) AS isRead, IFNULL(lmr.logTime, 0) AS isMarkedRead
			FROM {$db_prefix}topics as t, {$db_prefix}messages as m, {$db_prefix}messages as m2
				LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER=m.ID_MEMBER)
				LEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER=m2.ID_MEMBER)
				LEFT JOIN {$db_prefix}log_topics AS lt ON (lt.ID_TOPIC=t.ID_TOPIC AND lt.ID_MEMBER=$ID_MEMBER)
				LEFT JOIN {$db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD=$currentboard AND lmr.ID_MEMBER=$ID_MEMBER)
			WHERE t.ID_TOPIC IN (" . implode(',', $topics) . ")
				AND m.ID_MSG=t.ID_LAST_MSG
				AND m2.ID_MSG=t.ID_FIRST_MSG
			ORDER BY $stickyOrder m.posterTime DESC") or database_error(__FILE__, __LINE__);

Modified Code:

$result = mysql_query("
			SELECT t.ID_LAST_MSG, t.ID_TOPIC, t.numReplies, t.locked, m.posterName, m.ID_MEMBER, IFNULL(mem.realName, m.posterName) AS posterDisplayName, t.numViews, m.posterTime, m.modifiedTime, t.ID_FIRST_MSG, t.isSticky, t.ID_POLL, m2.posterName as mname, m2.ID_MEMBER as mid, IFNULL(mem2.realName, m2.posterName) AS firstPosterDisplayName, m2.subject as msub, m2.icon as micon, IFNULL(lt.logTime, 0) AS isRead, IFNULL(lmr.logTime, 0) AS isMarkedRead
			FROM {$db_prefix}topics as t, {$db_prefix}messages as m, {$db_prefix}messages as m2
				LEFT JOIN {$db_prefix}members AS mem ON (mem.ID_MEMBER=m.ID_MEMBER)
				LEFT JOIN {$db_prefix}members AS mem2 ON (mem2.ID_MEMBER=m2.ID_MEMBER)
				LEFT JOIN {$db_prefix}log_topics AS lt ON (lt.ID_TOPIC=t.ID_TOPIC AND lt.ID_MEMBER=$ID_MEMBER)
				LEFT JOIN {$db_prefix}log_mark_read AS lmr ON (lmr.ID_BOARD=$currentboard AND lmr.ID_MEMBER=$ID_MEMBER)
			WHERE t.ID_TOPIC IN (" . implode(',', $topics) . ")
				AND m.ID_MSG=t.ID_LAST_MSG
				AND m2.ID_MSG=t.ID_FIRST_MSG
			ORDER BY $stickyOrder m.posterTime DESC") or database_error(__FILE__, __LINE__);

Error:
Unknown column ‘b.ID_LAST_TOPIC’ in ‘on clause’
File: /home/www/Sources/Recent.php
Line: 45

Original Code:

$request = mysql_query("
	SELECT m.posterTime, m2.subject, m.ID_TOPIC, t.ID_BOARD, m.posterName, t.numReplies, t.ID_FIRST_MSG
	FROM {$db_prefix}boards AS b, {$db_prefix}categories AS c
		LEFT JOIN {$db_prefix}topics AS t ON (t.ID_TOPIC=b.ID_LAST_TOPIC)
		LEFT JOIN {$db_prefix}messages AS m ON (m.ID_MSG=t.ID_LAST_MSG)
		LEFT JOIN {$db_prefix}messages AS m2 ON (m2.ID_MSG=t.ID_FIRST_MSG)
	WHERE c.ID_CAT=b.ID_CAT
		AND (FIND_IN_SET('$settings[7]', c.memberGroups) != 0 OR c.memberGroups='' OR '$settings[7]' LIKE 'Administrator' OR '$settings[7]' LIKE 'Global Moderator')
	ORDER BY m.posterTime DESC
	LIMIT 1;") or database_error(__FILE__, __LINE__);

Modified Code:

$request = mysql_query("
	SELECT m.posterTime, m2.subject, m.ID_TOPIC, t.ID_BOARD, m.posterName, t.numReplies, t.ID_FIRST_MSG
	FROM ({$db_prefix}boards AS b, {$db_prefix}categories AS c)
		LEFT JOIN {$db_prefix}topics AS t ON (t.ID_TOPIC=b.ID_LAST_TOPIC)
		LEFT JOIN {$db_prefix}messages AS m ON (m.ID_MSG=t.ID_LAST_MSG)
		LEFT JOIN {$db_prefix}messages AS m2 ON (m2.ID_MSG=t.ID_FIRST_MSG)
	WHERE c.ID_CAT=b.ID_CAT
		AND (FIND_IN_SET('$settings[7]', c.memberGroups) != 0 OR c.memberGroups='' OR '$settings[7]' LIKE 'Administrator' OR '$settings[7]' LIKE 'Global Moderator')
	ORDER BY m.posterTime DESC
	LIMIT 1;") or database_error(__FILE__, __LINE__);
Tagged , , ,

vCenter 5.1 Single Sign-on (SSO) Unable to expose the remote JMX registry. Port value out of range: -1

VMware vCenter 5.1 Single Sign-on can pose many problems since Single Sign-on has been introduced until VMware’s replacement with the 5.5 version of Single Sign-On. If you are required to still use vCenter’s 5.1 Single Sign-on server and experience the following “Unable to expose the remote JMX registry” or “Port value out of range: -1” the resolution is simple but let’s first identify this is the issue by analyzing the catalina log.

The following is an example from, C:Program FilesVMwareInfrastructureSSOServerlogscatalina.2013-09-02.log.

02-Sep-2013 00:38:51.903 INFO [WrapperSimpleAppMain] com.springsource.tcserver.security.PropertyDecoder.<init> tc Runtime property decoder using memory-based key
02-Sep-2013 00:38:52.854 INFO [WrapperSimpleAppMain] com.springsource.tcserver.security.PropertyDecoder.<init> tcServer Runtime property decoder has been initialized in 960 ms
02-Sep-2013 00:38:56.364 INFO [WrapperSimpleAppMain] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-bio-7445"]
02-Sep-2013 00:38:56.396 INFO [WrapperSimpleAppMain] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-bio-7444"]
02-Sep-2013 00:38:56.396 INFO [WrapperSimpleAppMain] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-bio-7080"]
02-Sep-2013 00:38:56.396 INFO [WrapperSimpleAppMain] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["ajp-bio-7009"]
02-Sep-2013 00:38:57.784 SEVERE [WrapperSimpleAppMain] com.springsource.tcserver.serviceability.rmi.JmxSocketListener.init Unable to expose the remote JMX registry.
 java.lang.IllegalArgumentException: Port value out of range: -1
	at java.net.ServerSocket.<init>(ServerSocket.java:18
	... debug junk ...

In C:Program FilesVMwareInfrastructureSSOServerconfcatalina.properties, towards the bottom you will find the following variables:

base.shutdown.port=7005
base.jmx.port=-1
ajp-vm.http.port=7080

Change base.jmx.port to equal 6969. By default, -1 is disabled but causes SEVERE warnings in the Single Sign-On (SSO) log files.

base.shutdown.port=7005
base.jmx.port=6969
ajp-vm.http.port=7080

See for further detail about the base.jmx.port property at http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-ABF63FAB-711C-4C8D-87D7-E6FB73B98425.html

Tagged , , , , , ,

EMC Avamar Error 10007 VMX file is Suspiciously Small Fix

EMC Avamar Error 10007 is an interesting error with a little history behind it. After opening up a support case with EMC, they indicated that error 10007, vmx file is suspiciously small, is a legacy error message from the VMware vCenter 4.x version of vCenter. From what the support technician said, is that the VMX file would be backed up through web services. This all changed in vCenter 5.x. Our error 10007, was resolved by restarting the MCS services on the Avamar grid. What happened is that the cached credentials and session state became stale/invalid. The EMC Avamar grid would try to reuse that session information that was now invalid thus causing the Avmar 10007 error.

This may seem like a strange fix, but restarting MCS services on the Avamar grid resolved our issue. This resolution was the recommended fix from EMC support. The article, Backup job fails for all virtual machines after vSphere Data Protection 5.1 deployment (2038597), is published by VMware regarding a similar error but this was not the particular error which we were encountering.

The EMC Avamar Error message would look like:

2013-07-08 08:31:41 avvcbimage Error : vmx file  is suspiciously small (under 30 bytes), please examine the log on the Avamar Administrator for root cause analysis (Log #2)
2013-07-08 08:31:41 avvcbimage Error : Backup of VM metadata failed. (Log #2)
2013-07-08 08:31:45 avvcbimage Error : Avtar exited with 'code 163: externally cancelled' (Log #2)

The EMC Avamar proxy log would display the following messages:

avmproxy1:/usr/local/avamarclient/var-proxy-1 # egrep -i "sdk|reused" Default_Domain-1372926600107-e55a99675c5f5a260028ec81d88bf620d9678824-1016-vmimagel.log
2013-07-04 08:32:32 avvcbimage Info : Login(https://vcenter.domain.com:443/sdk) problem with reused sessionID='52f3ba9e-ff44-fa6d-ed6f-61b44fe35ec5' contacting data center 'Cleveland'.
2013-07-04 08:32:32 avvcbimage Warning : Problem logging into URL 'https://vcenter.domain.com:443/sdk' with session cookie.
2013-07-04 08:32:32 avvcbimage Info : Logging into URL 'https://vcenter.domain.com:443/sdk' with user 'DOMAINavamar' credentials.
2013-07-04 08:32:32 avvcbimage Info : Login(https://vcenter.domain.com:443/sdk) problem with reused sessionID='524408a5-443b-1d22-9878-6f5fe4de2816' contacting data center 'Cleveland'.

Resolution: Restart MCS Services on the EMC Avamar Grid.

Tagged , , , , , ,

vSA vSphere Storage Appliance Performance Benchmark Test

The article below goes into depth with my experience with VMware vSA Performance Benchmark Testing. I’ve tried to be as detailed as possible to give you a complete picture of my findings. I believe that there is a space where storage virtualization may thrive but with recent experience with the VMware vSA product, I am less than satisfied with the results, manageability and most of all performance. I believe storage virtualization has a few more years until maturity until it can be truly considered a serious candidate in the small & remote office scenarios.  This statement holds true for other two/three node storage virtualization technologies including Falconstor’s storage virtualization.

VMware Version Information

VMware vCenter Server 5.1.0, 947673
VMware vStorage Appliance 5.1.3, 1090545
VMware ESXi 5.1 U1, HP OEM Bundle, 1065491 (VMware-ESXi-5.1.0-Update1-1065491-HP-5.50.26.iso)

HP ProLiant DL385 G2 Hardware Configuration
– 4 CPUs x 2.6 GHz
– Dual-Core AMD Opteron Processor 2218
– AMD Opteron Generation EVC Mode
– HP Smart Array P400, 512MB Cache, 25% Read / 75% Write
– RAID-5, 8x 72 GB 10K RPM Hard Drives
– HP Service Pack 02.2013 Firmware

vStorage Appliance Configuration
– 2 Node Cluster
– Eager Zero Full Format
– VMware Best Practices

IOZone Virtual Machine Configuration
– Oracle Linux 6.4 x86_64
– 2 vCPU
– 1 GB Memory
– 20 GB Disk, Thick Eager Zero Provisioned
– VMware Tool 9.0.5.21789 (build-1065307)

IOZone Test Paramaters
/usr/bin/iozone -a -s 5G -o

-a   Used to select full automatic mode. Produces output that covers all tested file operations for record sizes of 4k to 16M for file sizes of 64k to 512M.

-s #   Used to specify the size, in Kbytes, of the file to test. One may also specify -s #k (size in Kbytes) or -s #m (size in Mbytes) or -s #g (size in Gbytes).

-o   Writes are synchronously written to disk. (O_SYNC). Iozone will open the files with the O_SYNC flag. This forces all writes to the file to go completely to disk before returning to the benchmark.

VMware ESXi/vSA Network Configuration

VMware vSA Architecture

IOZone Performance Benchmark Results

vSA Read Graph

vSA Stride Read Graph

vSA Random Read Graph

vSA Backward Read Graph

vSA Fread Graph

vSA Write Graph

vSA Random Write Graph

vSA Record Rewrite Graph

vSA Fwrite Graph

Download RAW Excel Data

Summary

The vSA performed far less than the native onboard storage controller which was expected due to the additional layer of virtualization. I honestly expected better performance out of the 8-disk RAID-5 even without storage virtualization since they were 10,000 RPM drives. On average, across all the tests there is 76.3% difference between the native storage and the virtualized storage! Wow! That is an expensive down grade! I understand that the test bed was using not the latest and greatest hardware but in general terms of disk performance is generally limited by the spinning platter. I would really be interested in seeing the difference using newer hardware.

I believe this only depicts a fraction of the entire picture, performance. There is other concerns that I have at the moment with storage virtualization such as complexity and manageability. I found the complexity to be very frustrating while setting up the vSA, there are many design considerations and limitations with this particular storage virtualization solution most of which were observed during the test trails. The vSA management is a Flash-based application which had it’s quirks and crashes as well. Crashes at a storage virtualization layer left me thinking that this would be a perfect recipe for data loss and/or corruption. In addition, a single instance could not manage multiple vSA deployments due to IP addressing restrictions which was a must for the particular use-case which I was testing for.

For now, storage virtualization is not there yet in my opinion for any production use. It has alot of room to grow and I will certainly be interested in revisiting this subject down the road since I believe in the concept.

Reference Articles That May Help 

Tagged , , , , , , ,