Wednesday, March 14, 2012

IPcop backup restore after install. Porting to IPfire notes

http://midnightreign.org/2006/11/22/decrypting-an-ipcop-1411-backup-key/

Transfer the encrypted key to the IPCop box

/usr/bin/openssl enc -a -d -aes256 -salt -pass pass:<yourpasswordhere> -in encrypted.backup.key -out decrypted.backup.key

Insert backup password where it says <yourpasswordhere>.
Once that’s done, simply copy your decrypted.backup.key to the correct place:

cp decrypted.backup.key /var/ipcop/backup/backup.key

and overwrite the existing file.
Now you can import your saved backup and restore your settings.

You can backup the key before you face having to regenerate it as well.

to decrypt the file, here is an example:

openssl des3 -d -salt -in honeydew.pri-2012-04-04_04-05-23.dat -out foo.tgz -kfile backup.key

With IPfire 2.15 update 77 thru 79, the xtaccess is dropped and you have to use the firewall rules to enable ports.

http://wiki.ipfire.org/en/configuration/firewall/rules/external-access

Will copy page below for setting up the 113, 5444 and 222 port entries.

ipfire notes

restore /var/ipfire/main/hosts from backup
enable external access (port 444, 222)  (change port 444 to port 5444 later)
enable ssh access (port 222)
change /etc/httpd/conf/listen.conf 444->5444
change /etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf 444->5444

pakfire  add:

7zip
htop
iftop
minicom
strace
tcpdump
telnet
traceroute

dynamic dns login goods and id will be required to be transferred.

*************************
port external access setup below for allowing external ssh and management

Step 1: Source

In the first section, you have to define the source network or IP address from where the network packets will be sent. If possible, restrict access to a single host or a group of hosts, rather than allowing any host on the internet to connect.

Step 2: Destination

Now, you will need to pick the destination for your network packets. Because you are directing traffic to a service running on the firewall itself, select the Red interface.

Step 3: Protocol

Choose the service that you wish to make accessible to the outside world. While it is technically possible to select “All” here, that would allow an outsider to connect to any service running on the firewall, and would be a huge security risk. For that reason, choose only those services to which you need to provide access.

Step 4: Done

We are almost done, now. Just make sure that you select the “ACCEPT” option, so that all packets that match your rule are accepted by the firewall and don't forget to add a descriptive remark.
Optionally, you may specify at which time the rule is active only. See Creating Firewall Rules (reference) for all about this feature.
Congratulations. You finally set up an external access!


windows command line control, local and remote

windows server 2008 is described, but might work on 2003

http://www.petri.co.il/configuring-windows-server-2008-networking-settings.htm

Monday, March 12, 2012

d key gnome keymapping gconf terminal emulator

http://ubuntuforums.org/archive/index.php/t-1595871.html

if not present sudo apt-get -y install gconf-editor

use the following
1) Alt+F2
2) gconf-editor
3) /->app->metacity->global_keybindings
4) Change the assigned keystroke for show_desktop from "<Super>d" to "<Ctrl>d" or "<Ctrl><Alt>d" or "disabled"


you will have to copy "disabled" from another field and paste it to the "show_desktop".  It is set to <super>D which blows.

Thursday, March 8, 2012

"top" for vmware esxi

Here are some notes on how to select columns for "top" on esxi (from an example).

If you have less number of ESXi hosts, you can find the process id of the VM by logging into esxi ssh session.

  1. Run the esxtop utility using the esxtop command.
  2. Press c to switch to the CPU resource utilization screen.
  3. Press Shift+f to display the list of fields.
  4. Press c to add the column for the Leader World ID.
  5. Identify the target virtual machine by its Name and Leader World ID (LWID).
  6. Press k.
  7. At the World to kill prompt, type in the Leader World ID from step 5 and press Enter.
  8. Wait 30 seconds and validate that the process is not longer listed.

If you have more esxi servers in the environment, you can find using vmkfstools -D command to find the ESXi Mac Address

Friday, March 2, 2012

vmware esxi 3.5 problem allocating memory

A problem occurred on our install of a esxi 3.5 on a small machine.  I suspect it is due to the lack of memory, and perhaps a bad answer on install, but am not sure of anything but the first.

The host is a P4 with 1gb.  it ends up with 805mb available.

An adjustment to the "vim" settings turned out to be the problem.  Links below to good hits on google and vmware sites.

This speaks of esxi 4.0, but uses the same terms with more info:

http://www.vm-help.com/esx40i/memory_allocation.php

Can't admit VM: Memory admission check failed
On a system with a lower amount of RAM you may find that ESXi allocates too much to run the vmkernel and system services not leaving sufficient memory for running VMs. In the below example, the host has 3 GB of memory. ESXi is showing about 2600 MB available for virtual machines. But an important number for virtual machines is the memory capacity shown on the Resource Allocation in the 2nd image below. This shows that my VMs have a total capacity of just over 1400 MB for VM memory overhead. A chart of memory overhead per vCPU / VM memory is shown below. VM memory overhead includes space for the VM frame buffer and virtualization data structures like shadow page tables. Once my running VMs have exhausted the 1400 MB of total capacity, I will not be able to start additional VMs even though ESXi may have plenty of free memory.
Virtual Machine Memory Overhead*
Memory(MB) 1VCPU 2VCPUs 3VCPUs 4VCPUs 5VCPUs 6VCPUs 7VCPUs 8VCPUs
256 113.17 159.43 200.53 241.62 293.15 334.27 375.38 416.5
512 116.68 164.96 206.07 247.17 302.75 343.88 385.02 426.15
1024 123.73 176.05 217.18 258.3 322 363.17 404.34 445.52
2048 137.81 198.2 239.37 280.53 360.46 401.7 442.94 484.18
4096 165.98 242.51 283.75 324.99 437.37 478.75 520.14 561.52
8192 222.3 331.12 372.52 413.91 591.2 632.86 674.53 716.19
16384 334.96 508.34 550.05 591.76 900.44 942.98 985.52 1028.07
32768 560.27 863.41 906.06 948.71 1515.75 1559.42 1603.09 1646.76
65536 1011.21 1572.29 1616.19 1660.09 2746.38 2792.3 2838.22 2884.14
131072 1912.48 2990.05 3036.46 3082.88 5220.24 5273.18 5326.11 5379.05
262144 3714.99 5830.6 5884.53 5938.46 10142.83 10204.79 10266.74 10328.69
* taken from vSphere Resource Management Guide
Let's say I have a 1 vCPU VM with 2 GB of memory. ESXi will need a memory overhead of about 137 MB to start the VM. But if I give it 1400 MB memory reservation, then ESXi will need available capacity of about 1537 MB to start the VM. In my case, the VM won't be able to start and will display the error: Can't admit VM: Memory admission check failed. I would need to have an available capacity of more that 1537 MB to start the VM.
 
So if your host is experiencing this issue, but the summary page for the host is showing that you have available memory you can tweak the memory reservations for system processes to increase the size of Memory: Total Capacity. Note that this is not a supported procedure and underallocating system resources can have a negative performance impact. Select the Configuration tab and then System Resource Allocation. Click on the Advanced link in the top right hand corner of the window to show advanced configuration options. In the below image I have selected vmvisor object and am dropping the reservation from 768 MB to 256 MB. After a few minutes the 512 MB of memory freed up from the reservation will be available on the Resource Allocation page. There are other objects which could be modified, but a change to the vmvisor reservation can quickly yield 512 MB of free memory. If an object does not let you reduce the reservation, you may get an error or the number will remain unchanged after you click OK.

this hit is on point for the problem on 3.5

http://communities.vmware.com/thread/221202

4. Jul 15, 2009 2:07 PM in response to: Dave.Mishchen…
Re: ESXi 3.5 : Admission Check Failed for Memory Resource

I got it working.


What I did was:


1) Click on the ESXi server listed in the left hand side of the Interface Client


2) Then click on the "Configuration" tab in the main pane of the Interface Client


3) Then click on the "System Resource Allocation" under the "Software" box


4) Then click on the "Advanced" in the upper right hand corner of the main pane


5) In the tree view that came up, I found and clicked on 'vim"


6) Then I clicked on the "Edit Settings" link just below the tree view, and a pop-up window came up


7) In the pop-up window,  there are grouped settings for "CPU Resources" and "Memory Resources". In the "Memory Resources" box, there are 3 settings, "Shares:" , "Reservation:" and "Limit:".  I changed the "Reservation:" one from 498 to 192, and clicked OK




Then I could start my virtual machine.  I was also able to raise the amount of memory my virutal machine had up to 1024 MB.


Thanks for your help !


--Rob