fbpx

Multiple Virtual CPUs are Causing Performance Issues

  1. Open a console prompt on the ESX host or initiate an SSH connection to it.
  2. Type esxtop and press Enter.
  3. In the CPU screen, check the %CSTP value. If this number is higher than 3.00, the performance issues may be caused by the vCPU count. Try lowering the vCPU count of the virtual machine by 1.Note: The %CSTP value represents the amount of time a virtual machine with multiple virtual CPUs is waiting to be scheduled on multiple cores on the physical host. The higher the value, the longer it waits and the worse its performance.  Lowering the number of vCPUs reduces the scheduling wait time.
  4. In vCenter, you can also edit the realtime graphs to show Co-Stop:Co-Stop

As a general rule, I recommend starting with one processor and upgrading to multi-processors if it is really necessary. Case in point: I have a DBA that wanted 8 processors for his Oracle Database, I initially gave it to him, but soon the DB began this power grab on the vHost. Once I convinced him it was his server causing the issues, we rolled the system back several processors and the DB worked much better.

Metallic vs Ceramic Brake Pads

To heck with metallic pads.
Go with ceramic pads for your disk brake needs. They don’t make as much brake dust and they last so much longer.
Another thing to consider is that instead of turning your rotors, just replace them every other time you change the pads. It just doesn’t pay to turn them anymore.
Also. Changing your pads and rotors is super easy and can be done with simple tools, the only “special” tool I used was a large C clamp. It took about 45 minutes to do both sides and I got a good health check of the car while I was under there.

GPG, Kleopatra, and PGP

I needed to make a PGP encryption system to transfer some files around. Strictly for entertainment and memory process here’s an example of the command lines you need to encrypt a file and then decrypt it.

Encrypt looks like this:

(Now sometimes you have to do this prerequisite)

gpg –edit-key email@****.com

trust
5 (select 5 if you ultimately trust the key)
save

Ultimate Encryption Command:

F:test>gpg -r (NameOfCert) -o (NewEncryptedFile.pgp) -e (FileToBeEncrypted.pdf)

Decrypt looks like this:

F:test>gpg –batch –yes –passphrase (your passphrase) -o (UnencryptedOutput.xml) -d (EncryptedFileInput.pgp)
gpg: encrypted with 4096-bit RSA key, ID ********, created 2014-10-20
“Certificate Name, Description, Etc. <Email Address>”

Pre-Seeding with 2012 DFSR

I built a Windows 2012 file server to upgrade from 2008r2 I used this robocopy command to pre-seed the file server in order to speed things up.

robocopy.exe “\source serverd$” “d:” /b /e /copyall /r:6 /xd dfsrprivate /log:robo.log /tee /MT

We started using dfsr to populate the machine initially but it was taking too long and pulling from a remote server. Using the robocopy pre-seed command copied the files from a local host and executed at line speed – resulting in a much faster time to completion.

Also, don’t forget to take advantage of the new feature in Windows 2012, De-Duplication…. I’m saving over 20-30% on my file servers now that I’ve enabled dedupe.

 

I’ve had to come back and edit this because I discovered something that really helps ease the mind while performing the above operation. – and is something that should be done to spot check the system before introducing a pre seeded system into DFS. Check your hash for the directories and files to make sure that they are identical. This will allow a faster delta transition time between the old and new systems.

 

C:Windowssystem32>dfsrdiag filehash /filepath:\onrfs01d$vacancy_monitoring

File Hash: DBCCC7FA-E523939F-835B14D5-31020191

Operation Succeeded
C:Windowssystem32>dfsrdiag filehash /filepath:\onrfs02d$vacancy_monitoring

File Hash: DBCCC7FA-E523939F-835B14D5-31020191

Operation Succeeded

Setup High Availability with Sophos 9.x

Today I wanted to take advantage of installing a passive instance of Sophos UTM 9.x (we use version 9.307006 at the moment)

Our installation is entirely virtual, we only have virtual hosts, ESXi 5.5 2456374, Force10 Switches and SAN gear.

First thing to do is get your UTM setup and configured the way you want it. Put a couple extra nics in there for the future, get basic firewall functionality setup and “everything” working. OR, if you’ve already got a UTM setup, start by logging into your UTM shell as root and enter the following command:

cc set ha advanced virtual_mac 0

The above MUST be done for the HA system to work in the vmWare environment.

Next, clone your existing system. I have an even/odd numbered vhost scheme going on so I changed the name of the existing UTM to UTM01 and cloned it from vHost01 to vHost02 as UTM02.

Once the clone snapshot completed, I logged into the UTM01 and went to:

Management, High Availability, and clicked the Configuration tab.

Here, select Hot Standby (active-passive)

Below in Configuration, select your NIC, I used the last one added to the system. (eth7)

Then enter the device name (csutm01) and a device node select 1 and set an encryption key.

 

Go ahead and apply all your settings, (click both apply buttons)

By now your clone should be done, DO NOT POWER IT ON.

Right click the VM, and disconnect all network cards except the one connected to the HA network.

Now, power up the UTM02 and open the console. Wait for the system to come to the login screen and use your root credentials to login.

Now we will reset the configuration of the UTM02 to factory. MAKE SURE you are on the CORRECT SYSTEM!!

So, login as root,

cc (enter)

RAW (enter)

system_factory_reset (enter)

The system will power off when complete. Once it has powered off, reconnect your internal interface. Power back up again and go through the basic setup settings. The only thing required is an internal network. Don’t configure anything else. (may have to add a license file)

Once the system allows you to login,  go to

Management, High Availability, and clicked the Configuration tab.

Here, select Hot Standby (active-passive)

Below in Configuration, select your NIC, I used the last one added to the system. (eth7)

Then enter the device name (csutm02) and a device node select 2 and set an encryption key.

Go ahead and apply all your settings, (click both apply buttons)

The web interface will lock up indicating that you have lost connection to the secondary UTM02.

You should already be logged in to UTM01 and if you go to the High Availability menu, you should see the system UTM01 Active, or Master and the UTM02 status Syncing. It takes about 15 minutes for the system to stabilize so be patient.

There you have it. the above steps are exactly how I set up my three data centers and a development environment. If you have any troubles please feel free to send me a message

Non-Root User Permissions Oracle Linux

I’m working on a system recently migrated to Oracle Linux 6.6 from a very old Solaris system. There is a CIFS mount from a Windows 2012r2 server that existed on the old system. The raw mount point has 777 directory permissions.

[root@localhost ~]# ls -ld /datastore/
drwxrwxrwx 2 root root 4096 Jan 6 09:50 /datastore/
When the mount is active the permissions are:

[root@localhost ~]# ls -ld /datastore/
drwxr-xr-x 1 root root 634564 Jan 6 09:50 /datastore/
Users other than root cannot write to the share or create files. Looking at the old server, the permissions on files and subdirectories within the same share have the setuid bit. This is not present on the new system. The /etc/fstab looks like:

//cifshost/datastore /datastore cifs username=user,password=password,domain=mydomain.local 0 0

You’ll need to change /etc/fstab and add the file_mode=0666,dir_mode=0777 mount options.

//cifshost/share/datastore /datastore cifs user=user,pass=password,file_mode=0666,dir_mode=0777 0 0

And you should be good to go!

Update EqualLogic Disk Firmware

Ok, we all know that updating controller firmware on the EqualLogic Systems is an easy task, basically open the GUI, upload a file, click a few buttons and Bang! updated.

http://www.matavesi.com/wp-content/uploads/2020/06/kit_V9.0.3-R427117_1120407684.tgz

http://www.matavesi.com/wp-content/uploads/2020/06/kit_V8.1.3-R422462_334193118.tgz

So now you’re getting emails from SANHQ complaining about disk firmware. What then?

http://www.matavesi.com/wp-content/uploads/2020/06/kit_V10.0_DriveFw_2480353603.tgz

http://www.matavesi.com/wp-content/uploads/2020/06/kit_V8.0_DriveFw_2285700222.tgz

http://www.matavesi.com/wp-content/uploads/2021/02/kit_V11.0_DriveFw_2875173717.tgz

First, open your favorite FTP software, mine’s WinScrape aka WinSCP.

FTP over to your EQL box’s group IP or management IP.

Upload the .tgz package, I used kit_V8.0_DriveFw_2285700222.tgz

I did not unzip the file, repeat, it does not need any further work.

Then I Putty (ssh) over to the EQL box’s group IP or management IP and perform the following command – update.. yes that’s it. just type “update”. and best part is you can do it hot, no outage necessary!

I’ll just paste in the entire output from my instance.

Welcome to Group Manager

Copyright 2001-2014 Dell Inc.

EQLSAN> update
13:24:23 Updating from kit file “kit_V8.0_DriveFw_2285700222.tgz”

This command will install the update kit file that was
copied to the array.

If you choose to proceed, you will be shown the current firmware version
and the version to which you will update. You will then be given the
choice to proceed again.

Do you want to proceed (y/n) [y]: y

13:24:39 Verifying kit integrity.
Starting Disk Firmware update… V8.0
…Initializing support libraries…

Identifying drives that qualify for firmware upgrades… Please wait.

22 drive(s) in this array qualify for a firmware upgrade.

The process will now update the 22 drives that qualify for a firmware upgrade.

If you proceed, please do not power off or restart the array, or remove

any drives until the update process completes.

Do you want to continue at this time (Y/N)? y
SKIPPING DriveID 0 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 1 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 2 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 3 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 3

SKIPPING DriveID 4 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 5 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 6 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 7 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 7

SKIPPING DriveID 8 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 9 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 10 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 10

SKIPPING DriveID 11 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 12 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 13 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 14 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 14

SKIPPING DriveID 15 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 16 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 17 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 18 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 18

SKIPPING DriveID 19 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 20 No firmware is available for Model: HUS723030ALS640

SKIPPING DriveID 21 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 22 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 22

SKIPPING DriveID 23 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 24 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 24

SKIPPING DriveID 25 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 26 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 26

Checking health status of Array
UPGRADING DriveID 27 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 27

Checking health status of Array
UPGRADING DriveID 28 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 28

SKIPPING DriveID 29 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 30 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 30

Checking health status of Array
UPGRADING DriveID 31 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 31

Checking health status of Array
UPGRADING DriveID 32 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 32

SKIPPING DriveID 33 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 34 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 34

Checking health status of Array
UPGRADING DriveID 35 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 35

Checking health status of Array
UPGRADING DriveID 36 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 36

SKIPPING DriveID 37 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 38 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 38

Checking health status of Array
UPGRADING DriveID 39 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 39

Checking health status of Array
UPGRADING DriveID 40 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 40

SKIPPING DriveID 41 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 42 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 42

SKIPPING DriveID 43 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 44 firmware from RE0C to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 44

SKIPPING DriveID 45 No firmware is available for Model: HUS723030ALS640

Checking health status of Array
UPGRADING DriveID 46 firmware from RN08 to RE12 using ./fwbin/RE12.lod
Drive firmware successfully updated : on drive 46

SKIPPING DriveID 47 No firmware is available for Model: HUS723030ALS640

Logging post run disk information

Entering cleanup phase… Please Wait…
The update was successful.
Would you like to email the results to Dell (Y/N)? n
Done cleanup … quitting with an exit status of 0

EQLSAN>

SANHQSetup32And64_v3.2.1

Vmware Tools on CentOS 6.x or 7 x64

Problem:

Running Vsphere 5.x and installed the VMWare tools on a CentOS 6.x x64 system.  After an OS update that requires reboot vmware-tools does not automatically startup.

As of version 8.6.11.20852 (build-1015158) the vmware tools install script vmware-install.pl does not create a start script in /etc/init.d since it now uses upstart.

Additional information: When you installed vmware-tools you did not Enable automatic building and installation of kernel modules at boot.

Resolution:

1.) You can re-run /usr/bin/vmware-config-tools.pl after each OS update that modifies the kernel.2.) You can run /usr/bin/vmware-config-tools.pl and ENABLE the automatic building and installation of kernel modules at boot (Note: you will need to remember to enable this option with subsequent vmware-tools upgrades)

3.) You can create your own init script from the services.sh script located in the /etc/vmware-tools directory.

From command line:
[root@host]# cp /etc/vmware-tools/services.sh /etc/init.d/vmware-tools
[root@host]# vim /etc/init.d/vmware-tools

Paste the following just below the line ##VMWARE_INIT_INFO## and save:

# chkconfig: 235 03 99

[root@host]# chkconfig –add vmware-tools (two dashes)
[root@host]# chkconfig vmware-tools on

Verify that it works:
[root@host]# service vmware-tools restart