Conrey.org » Virtualization

Getting Involved. CIALUG2004 – vEXPERT 2010

theron — Thu, 10 Jun 2010 13:18:04 +0000

First I’ve got to thank Scott Lowe for his blog post “Blogging for the right reasons” for the motivation to get this one wrapped up. It’s been sitting in my drafts for a while now, long enough that vEXPERT2010 was more than one other thing before. This is just my PoV, let me know what you think!

Back in 2004, I thought I knew enough to be dangerous with IT. Whether it was RedHat, Mandrake (hey don’t judge), Solaris, that odd little GSX box in the corner, or the suite of DoD software that I was supporting, I was pretty sure I knew what I was doing. I knew these technologies pretty well. Or so I thought. I was already blogging, I had already moved my awesome geocities page to a early blogging platform, and was migrating again to some early version of wordpress, running on some shiny new desktop in my basement that was also my ipchains firewall. I was ubercool.

After going to my first CIALUG meeting what I realized though was that I was missing the most important part of linux and opensource in general. Open collaboration. When I went home, something had changed. Sure, I’d learned something, sure I’d talked about my awesome new mythtv box I was working on, but something different had happened. There had been a fundamental shift in the importance in my mind of community.

For those of us active in any community, this cohesion can be a profound, life changing thing. We get angry when people/companies threaten out culture, and the linux community, really, as a collective, isn’t the most socially elegant group out there.

When my work started focusing more and more around vmware, the blogging community that had sprouted up around vmware was something I could relate too. There was that sense of community, that sense of passion that Scott writes about, and I was drawn to it. It’s great being a part of a community, where you can contribute what you know, and continue to learn more yourself.

Along with a host of great blogs the VMUGs were (and still are) a great way for new (and existing) members of the community to reconnect, share information, and stay engaged. The only thing that is glaringly different was and is that the VMUGs are run by vmware corp. That’s just the way that it is, I’m not saying it’s bad or good, I’m just saying; that’s the way it is.

The elephant in the room with the vmware community as a whole is that we’re a community of use. Although some of us exist inside the corp firewall of vmware or EMC proper, we don’t, as a community, develop the software. We use it. Nothing wrong with that, but there is a fundamental difference in the community surrounding vmware and the community surrounding linux distro X or software package X. Even the wonderful and completely awesome work that is being done /w powershell is completely dependent on the existence of a financially viable company. The code doesn’t stand separate. (Some would point out here that “linux” in general isn’t really developed by the “community” at this point either. Best left for a separate conversation I suppose)

This difference impacts the way we write, and what we write about. We’re “users” and we await the latest feature, ready for that surprise shock and awe that accompanies it. We like to be “in the know”, aware of the next feature that is going to come out before anyone else. But when we do know. WE SHARE. Sharing that information, the best configurations, a PS script, the awesomeness that is the community powerpack, the mini monitor by Nick Weaver, these are the things that make our community work. The forums are great, and the amount of data in there is insane. Someone once said that the average time to get an answer to a well described problem on the vmware forums was under 10 minutes. That’s free support for vmware, delivered in the best way possible. From your peers. From another person who has been there before.

Are you still with me? This brings me to the topic of Scott’s post.

While I blog, In my head, I instantly translated this to, “participating in the community for the right reasons.” Why? He mentions twitter, and really, there are more places to get recognized by “Company X” than just via a blog and twitter. And most people I know don’t just blog about tech stuff, heck, I don’t blog just about vmware or linux. I blog about, well, just look up and to your right.

So how could someone participate for the wrong reasons? I’m not an active participant in the forums, but there is REAL value in doing that. I’m not the most regular attendee to our VMUGS, (I don’t like driving the distance of Paris to Brussels for a VMUG………shocked, I’m sure) but there is REAL value in participating in the VMUGs. I’m not the most regular blogger, but again, to those that do, however often, there is REAL value in doing that.

That value, that sharing of knowledge, is important to those that also involved, or more importantly, to those that are just now trying to figure out how to get involved.

I’ll wrap this up for the 2 of you that made it this far. Participate in the vmware community however you can best contribute. We don’t care what your reasons are, you may be an employee just doing your job, you may be a ROCKSTAR vmware admin with time to assist, you may be a published technical author, a vmware instructor, shoot, you may be all of the above, just get, and stay, involved. We’ll all be better because of it.

And if you’re blogging for the wrong reasons, well, keep blogging. you may surprise yourself down the road.

In my head, if we start to judge the why people are writing, the potential creeps in where we’re setting an elitist bar that tries to separate out an “us” from “them”. I’ve never seen that play out well in any community that I’ve been a part of. That growing number of blogs you see that concerns you? Chances are they are people that look up to you, so get personal. If you have a concern, ask them.

And to the email I got from the person asking if they may be looked at differently for starting a blog after Scott’s post, the answer is NO. A resounding NO. DO IT. Honestly, we don’t care why you’re doing it, just get involved.

VMware vEXPERT 2010….. whoa.

theron — Sat, 05 Jun 2010 23:07:41 +0000

I’m thrilled to announce that I’ve been selected as a vmware vEXPERT for 2010. What is it? From the vmware website:

The VMware vExpert Award is given to individuals who have significantly contributed to the community of VMware users over the past year. vExperts are book authors, bloggers, VMUG leaders, tool builders, and other IT professionals who share their knowledge and passion with others. These vExperts have gone above and beyond their day jobs to share their technical expertise and communicate the value of VMware and virtualization to their colleagues and community.

Huge thanks to @jtroyer and the folks that picked the winners this year. I’m still in a bit of shock, I’m hugely exited for what’s in store for this year. Looking at the list, I’m humbled to be included. Thanks again vmware!

-Theron

Backup: Chicken Little in the Unified Data Center starring Joe Skorupa of Gartner

theron — Tue, 11 May 2010 02:48:23 +0000

NOTE:This is a repost/archival post of an article written by Steve Chambers posted on his personal website, viewyonder.com, March 25th, 2010. This backup was made from a google cache of the post found here.

For information on blogger’s rights, please visit the EFF.

DCB? FCoE? Eh?

I read a brilliant blog post by J Michael Metz today about the recent Gartner report on FCoE by Joe Skorupa. Of the many great lines and counter arguments in the post, likening Gartner to Chicken Little was comically accurate in my humble opinion, and is a typical analyst response to anything new and innovative: remember the scare stories about virtualization? If you listened to guys like Joe, would you ever get anything done?

Please go and read the post yourself, but here’s the general outline to give you a flavour:

Define your terms – looks like Joe don’t know the difference between DCB and FCoE

Learning how to count – convergence increases components! Does Joe think that virtualization increases physical server counts too?

Financial barriers – well, this is crap in crap out. If you have more stuff (you don’t) then it’s more expensive (it isn’t)

Increased complexity – because it’s new? because the teams, tools aren’t set up for it?

Hard to debug – crap in/out again, especially if you don’t understand DCB and FCoE.

Sublime to surreal – don’t do it because you might not get the benefit, but don’t rule them out. What the hell does that mean?

Missed opportunities – when you don’t have an axe to grind, nor a hidden agenda, what’s the real opportunity?

Myopic strawmen – what about ETS?

Don’t forget that the ten-page Gartner report can be yours for $200. Yes, that’s $20 a page. The good times must be back!

If Joe can sell just nine of those reports he might want to invest in this FCoE course.

1. The Z-Factor: Scaling deep in the data center
2. Don’t be a chicken, cram your eggs into vSphere on UCS
3. Understanding and untangling the data center spaghetti
4. Unified Computing = Unified People, Process and Technology

UEC “Cloud in a Box” from Canonical

theron — Fri, 09 Apr 2010 23:06:52 +0000

With all of the development going on in the Ubuntu ecosystem today, one of the more interesting developments in my opinion is the Ubuntu Enterprise Cloud. UEC is a great way for existing (or new) Ubuntu/Canonical users/customers to build out a supported virtual machine hosting platform that utilizes the same tools as Amazon’s EC2 to manage it. This type of private cloud is extremely compelling, allowing you to setup an environment where your production environment is running on EC2, while utilizing the same tools, and images in a local test/dev environment.

Alternatively, running everything locally, you can maintain the flexibility to move to another UEC deployment, or EC2 if required.

A couple of days ago I had lunch with a friend of mine, and he slyly slid across the table Canonical’s “Cloud in a Box”.

This is meant to be passed off to decision makers, to help higher ups understand the ease of installation, the stability and compatibility of the UEC platform, and Canonical’s support muscle behind it.

Split nicely into two simple parts, Deploy and Decide, we’ll quickly go over both sections.

The Deploy section walks through the simple installation steps to getting a EUC install running, as well as including an Ubuntu “Your Private Cloud 9.10″ install disk.

Interesting for me is the List of Supported hardware for Ubuntu 9.10 Server Edition and UEC. If you’re deploying this in your company, you’ll want the support Canonical can provide, and there’s a sizable list of hardware you can deploy on and get that support. It’s interesting to note that Canonical provides support for their platform, as well as the software running on it. Full solution support for this is key to a successful deployment.

The other side, the Decide section, reads like a dead tree powerpoint presentation, listing bullet and talking points that describe/add clarity to the UEC story. I particularly liked the “defining cloud computing” slide, as it clearly states the official canonical stance on where this product fits:

At Canonical, we believe cloud computing is all about Infrastructure as a Service. Specifically, the approach to managing Infrastructure first pioneered on Amazon EC2 and S3.

This reminds me to tell you to go listen to Simon Wardley. Presentation Gold.

What really separates Ubuntu cloud from other platforms based on Free and Open Source Software is really the community momentum, the scale of Amazon’s EC2, and the leadership vision to really make ubuntu the best virtual guest platform for applications. That’s no small feat. Today, Ubuntu is the most deployed Linux OS on Amazon’s public cloud, and it’s lead is growing.

Long story short: Canonical and Ubuntu are making a serious bid to be the next big enterprise linux distribution, and one of the major differentiators today is UEC. With the impending release of Ubuntu 10.04 LTS, there is going to be an increased interest in Ubuntu’s private cloud offering. Novell and Redhat should be taking notes.

Find out more about UEC: http://www.ubuntu.com/cloud/private
Find our more about Eucalyptus: http://www.eucalyptus.com/

Deploying an Ubuntu Lucid VM on BlueLock’s Beta vCloud.

theron — Wed, 10 Mar 2010 20:01:09 +0000

1st, kudos to bluelock for providing an Ubuntu template for use on their beta vCloud. Taking a stock Ubuntu template provided to Lucid costs about 2 bucks, that is, if they were charging us. Thanks guys!

With that out of the way let’s get to the meat, if you’re deploying an ubuntu vm from the current template (as of 10Mar10) there are a few security items I’d address right out of the gates after deploying a new VM.

From the console, after logging in with the provided account information:

0) turn on the firewall

sudo ufw enable
This will disable all inbound connections, and set the firewall to start automatically on boot. We’ll go back and selectively open ports later.

1) create a new user.

In order to create a new user, from the command line, do the following:
sudo adduser
answer the questions asked about the user, (this is you btw). As we’ll be deleting the default user account, you’ll want to make sure that this new user is in the admin group, so that you can have sudo access.
sudo usermod -g admin
Verify this worked by logging out, and logging in as your new user. (exit will log you out at this point)
Once you’re logged back in as your new user, type:
sudo -l -S
you should see the response that looks like this:
User may run the following commands on this host:
(ALL) ALL
with that done,

2) delete the default bluelock user.

sudo userdel express

3)disable root ssh access

I’m not sure why this is enabled by default, but certainly go in and edit your sshd.conf, look for the # Authentication: section, and disable the root account from being able to log in remotely via ssh.

sudo nano /etc/ssh/sshd_config

and change:
PermitRootLogin yes
to
PermitRootLogin no

4)change the root password

Call me paranoid, but at this point I want to ensure that this template’s root account has a different root password than all the other ones that are deployed in bluelock.
sudo su -
at this point, you’ll be root, to change the password, I suggest using the following website: https://www.grc.com/passwords.htm copy the bottom option (yes all of it) and type:
passwd
and when prompted enter that long string. You won’t be using it again, so don’t worry what it is. (thus the power of sudo)

5)Change the default root mysql password

You’ll want to follow the recommended procedure from bluelock and change your default mysql root password as well.
sudo dpkg-reconfigure mysql-server-5.0

5)check for updates

Get used to using aptitude. It rocks. I know, I know, apt-get works, but aptitude is the way to go.
sudo aptitude update
Once your available package information has been updated, upgrade!
sudo aptitude upgrade
or combine the two together:
sudo aptitude update && sudo aptitude upgrade
select yes, and grab a cup of coffee. This may take a few minutes. (BlueLock does have fat pipes, so this won’t take THAT long.)

wait? what about my firewall?

oh that’s right. we want to enable access to some services now that we’ve taken care of some security stuff. Get familar with the ufw commands. This is a great simple firewall that ships by default with ubuntu now.

Let’s enable ssh and http access (as bluelock does ship their current ubuntu template with apache2 installed)

sudo ufw enable ssh
sudo ufw enable http

and let’s verify what we’ve enabled
sudo ufw status
should return something like:
status: active
and a list of ports that are open.

Break Break

Couple of thoughts, I always move away from password based ssh logins to key based. Rather than recreate the wheel, here’s a good tutorial that I use as well: http://www.debuntu.org/ssh-key-based-authentication

At this point we’re at a point where we’ve deployed a secure platform to move forward from. If you want to upgrade to a newer version of ubuntu read on!

6)upgrade!

Once you’ve applied all your updates, here’s the command to go out and see if there’s a newer version of ubuntu available:
sudo do-release-upgrade
if you want to to check for development versions of Ubuntu, use:
sudo do-release-upgrade -d

7)rinse and repeat

At this time, you can update and upgrade to your heart’s content to get to whatever version of Ubuntu you’re looking for. I recommend doing the upgrade through the console to avoid any issues that may arise doing it via ssh.

Thanks for reading!

-theron

(This has also been reposted over in the Tips, Tricks, Tutorials section of the BlueLock Forum)