vmware – replacing security server ssl cert

June 21st, 2010 Daz No comments

This page is hard to find, but it has it all…  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008705

To generate and import an SSL certificate on the VDM server:

Note: Certificates are only required for client‐facing systems (that is, standard, replica, or security VDM servers).
  1. All the commands related to certificates need to be run in System Context. From a command prompt, run the following, where <time> is in 24-hour format:

    at <time> /interactive cmd.exe

    For example:

    at 21:45 /interactive cmd.exe

    This opens a new command window in System Context.

  2. On the VDM or security server, change the directory to C:\Program Files\VMware\VMware VDM\Server\jre\bin.
  3. Run the following command to create a 1024-bit self-signed SSL certificate:

    keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360

    To generate a 2048-bit certificate, run the command:

    keytool -genkey -keyalg "RSA" -keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360

    Note: The keys.p12 file is created in the current directory.

  4. Run the following command to create a certificate signing request (CSR):

    keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass <secret>

    Where <secret> is the keystore password.

    Note: The certificate.csr file is created in the same location.

  5. Send the CSR file (certificate.csr) to a certificate authority and request a certificate in PKCS7 format.

    Note: If the certificate authority does not offer PKCS7 as a format, see Exporting into PKCS7 format in this article for information about exporting the certificate data in the appropriate format.

  6. Copy the contents of the file into a text editor and save it as certificate.p7. The content appears similar to:

    -----BEGIN PKCS7-----
    MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgkqhkiG9w0BBwGgggXNMIID
    LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgkqhkiG9w0BAQUFADCBhzEL
    i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4JqrIg
    EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIWMQA=
    -----END PKCS7-----

    Note: For more information about importing certificates issued by an OpenSSL CA, see Importing certificates issued by an OpenSSL CA (1007390).

  7. Run the following command to import the certificates issued by the CA:

    keytool -import -keystore keys.p12 -storetype pkcs12 -storepass <secret> -keyalg "RSA" -trustcacerts -file certificate.p7

    Where <secret> is the keystore password (the password you used when exporting the certificate).

  8. To configure the View Connection Server to use the new certificate, place the new certificate and copy the keys.p12 file (the keystore file) in C:\Program Files\VMware\View Manager\Server\sslgateway\conf.
  9. Modify or create the following file:

    C:\Program Files\VMware\View Manager\Server\sslgateway\conf\locked.properties

  10. Add the following properties:

    keyfile=keys.p12
    keypass=<secret>

    Where <secret> is the keystore password (the password you used when exporting the certificate).

  11. Restart the View Connection Server service.
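
A check worth running after step 7 and before copying keys.p12 in step 8, added here as an example (it is not part of the VMware KB article or the original post): it parses keytool -list -v output and flags a keystore whose key entry still holds only the self-signed certificate from step 3. The function name, the sample listing and the host name in it are made up for illustration, and it assumes English keytool labels and a keystore containing just the one key entry created above.

```powershell
# Added example, not from the VMware KB. Parses `keytool -list -v` output and
# reports whether the key entry still carries only a self-signed certificate.
# Assumptions: English keytool labels ("Entry type", "Owner", "Issuer", ...)
# and a keystore holding only the key entry created in step 3.
function Test-KeystoreListing {
    param([string[]]$Lines)

    $r = New-Object PSObject -Property @{
        EntryType = $null; ChainLength = 0; Owner = $null; Issuer = $null
        SelfSigned = $false; Problems = @()
    }
    foreach ($line in $Lines) {
        # Keep only the first Owner/Issuer pair: Certificate[1] is the server certificate.
        if ($line -match '^Entry type:\s*(.+)$') { $r.EntryType = $Matches[1].Trim() }
        elseif ($line -match '^Certificate chain length:\s*(\d+)') { $r.ChainLength = [int]$Matches[1] }
        elseif (-not $r.Owner -and $line -match '^Owner:\s*(.+)$') { $r.Owner = $Matches[1].Trim() }
        elseif (-not $r.Issuer -and $line -match '^Issuer:\s*(.+)$') { $r.Issuer = $Matches[1].Trim() }
    }
    $r.SelfSigned = ($r.Owner -ne $null) -and ($r.Owner -eq $r.Issuer)

    if ($r.Owner -eq $null) { $r.Problems += 'no certificate found in listing' }
    if ($r.SelfSigned) { $r.Problems += 'server certificate is self-signed (CA reply not installed)' }
    if ($r.ChainLength -lt 2) { $r.Problems += 'chain length below 2: no issuer certificate in the entry' }
    return $r
}

# Constructed sample: a listing as it looks after step 3, before the CA reply is imported.
$sample = @'
Alias name: mykey
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=view.example.com, OU=IT, O=Example, C=US
Issuer: CN=view.example.com, OU=IT, O=Example, C=US
'@ -split "`r?`n"

# Lists both problems for the sample: self-signed, and chain length below 2.
(Test-KeystoreListing $sample).Problems

# Against the real keystore (run from the jre\bin directory of step 2):
# Test-KeystoreListing (& .\keytool.exe -list -v -keystore keys.p12 -storetype pkcs12 -storepass '<secret>')
```

An empty Problems list means the CA-issued certificate and its issuer chain are in the keystore entry that the server will load.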

Exporting into the PKCS7 format

To export into the PKCS7 format:
  1. Open the certificate file.
  2. Click Details > Copy to File.
  3. Click PKCS7, then select Include Details of Certificate.

    The file is saved with a .P7B extension.

Categories: Uncategorized, Virtual

vmware – virtualcenter server service fails to start on boot

June 15th, 2010 Daz No comments

This happens when the VirtualCenter service tries to start before some of its dependencies are up and running, typically because SQL Server is not yet in a running state when it tries to start up.

If you're on Windows 2008 you can set the service to start automatically (delayed), and most of the time this will resolve the problem. If you want to do it properly, and in a cleaner way, you'll need to add SQL as a dependency.

Open regedit and go to the following key (find the service name that VirtualCenter is running under, vpxd in this case):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vpxd

Open and modify the "DependOnService" Multi-String and append the following (specific to my environment, but ADAM for VMware and SQL Server):

MSSQLSERVER
ADAM_VMwareVCMSDS

So my DependOnService Multi-String now reads:

ProtectedStorage
lanmanworkstation
MSSQLSERVER
ADAM_VMwareVCMSDS

Done.

On next reboot the virtual center service will wait for its dependencies to start before it tries to start itself.

Categories: Virtual

windows w2k8 R2 64bit – 32bit ODBC for virtual center server

June 10th, 2010 Daz No comments

You must create your ODBC connection using the 32-bit ODBC program. It is not as simple as running odbcad32.exe from the run / search bar.

You must run the following to get the actual 32-bit version:

%systemdrive%\Windows\SysWoW64\Odbcad32.exe

Populate this with the details and you should see it in the virtual center installer.

Categories: Virtual, Windows

4k sector hard drives and zfs

June 6th, 2010 Daz No comments

I hit this as a problem recently. One of my disks died in my raidz so I ran down to the store and grabbed me a replacement WD10EARS (Western Digital 1Tb Green) drive.

BUT…

The one thing the store didn’t mention to me is the new 4K cluster sizing on the drive. I guess they assume most people run Windows (though the issues are also present in XP). See these posts…

http://blog.temeletry.co.uk/2010/05/wd-green-wd10ears/

Unfortunately they really don’t work as well as you’d like in a server :(

  • They come with a 5 second head spin down setting that causes them to park their heads if they have been left idle for more than 5 seconds. As it takes a second or two to spin back up this can result in a very laggy experience during interactive sessions.
  • They do not have NCQ or any form of command queuing/optimisation. This means that (on FreeBSD at least) you are stuck in the LOOK elevator. In particular this was noticed when doing sequential read & write (think dump|restore, tar|untar etc.) and interactive tasks simultaneously.
  • They really suck with FreeBSD and ZFS…

http://community.wdc.com/t5/Desktop/Poor-performace-in-OpenSolaris-with-4K-sector-drive-WD10EARS-in/m-p/21132

While the other 512-byte sector HDDs were reading/writing at 30MB/s sustained, this EARS model did not exceed the 1MB/s barrier.

I know for sure that this is related to the 512-byte sector firmware emulation, because the disk works perfectly well if I partition it in a 4k-sector alignment.

The thing is that even in that way, using it in a ZFS RAIDZ configuration the performance is very poor because RAIDZ uses a dynamic stripe size.

The bottom line here is that folks like me, that use different versions of Unix, need the firmware to present the disk as a 4K-sector disk to unleash the full potential of the technology. The OS is already prepared to support that sector size, no need for emulation here.

http://opensolaris.org/jive/thread.jspa?threadID=125702

Some preliminary testing that I have done…the WD20EARS (2TB advanced format drives) actually presents emulated 512byte sectors to the host o/s.

The drive documentation indicates that jumpers 7-8 should be enabled if the o/s does not support advanced format drives – the drive still presents 512-byte sectors.

I have attempted to raise a support ticket querying this, and how one can disable 512byte sector emulation in the drive (perhaps through a firmware upgrade) but I have not received any response to date.

Hopefully if enough people raise support tickets, WD may release firmware that allows the drive to natively present 4k blocks. Other doco indicates several other jumper combinations – all do not seem to make the drive present 4k byte blocks.

Perhaps someone internal to sun that has a relationship with WD may be able to shed some light on this? It would be fantastic to find out that I was just doing something wrong -> then I can get the drives to be seen on 32bit systems (ie – our embedded kit for osol, velitium)

Tested using b133 (64bit intel).

Try to avoid the green drives in ZFS for now. Remember to do your research before you buy a bunch of disks. I was caught off guard by this small change (works fine in win7 etc) which kills performance in ZFS. Ouch.

Categories: Linux, OpenSolaris, Storage

opensolaris – pkg verify

May 23rd, 2010 Daz No comments

I ran through a pkg verify the other day and came across a lot of errors. Running the subsequent pkg fix command presented me with this…

pkg: Requested "install" operation would affect files that cannot be modified in live image.

Please retry this operation on an alternate boot environment.

This is the fix….

mkdir /mnt/osol-134fix
beadm create osol-134fix
beadm mount osol-134fix /mnt/osol-134fix
pkg -R /mnt/osol-134fix fix --accept
beadm activate osol-134fix

Then reboot your machine into the new boot image.

Categories: OpenSolaris