VMware: How To Mount a USB Thumb Drive as a Data Store

Although USB is not a recommended datastore type, it is still possible to mount this kind of storage in VMware. Note that VMware will not provide support for this workaround. Caveat emptor to those who choose to follow my mickey mouse methods. Also be advised that changing the “USB Arbitrator” (pass-through) setting affects all guests on that particular host.

USB media is useful for storing ISOs, infrequently used bulk files, and backup repositories. This saves precious SAN volumes for production workloads that require redundancy.

# Get a list of existing disks

[rambo@testbox:~] ls /dev/disks/
mpx.vmhba33:C0:T0:L0
mpx.vmhba33:C0:T0:L0:1
mpx.vmhba33:C0:T0:L0:5
mpx.vmhba33:C0:T0:L0:6
mpx.vmhba33:C0:T0:L0:7
mpx.vmhba33:C0:T0:L0:8
mpx.vmhba33:C0:T0:L0:9
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1
vml.0000000000766d68626133333a303a30
vml.0000000000766d68626133333a303a30:1
vml.0000000000766d68626133333a303a30:5
vml.0000000000766d68626133333a303a30:6
vml.0000000000766d68626133333a303a30:7
vml.0000000000766d68626133333a303a30:8
vml.0000000000766d68626133333a303a30:9
vml.0100000000533235304e5830483833353139324a202020202053616d73756e
vml.0100000000533235304e5830483833353139324a202020202053616d73756e:1

# Stop USB Arbitrator (pass-through) service
/etc/init.d/usbarbitrator stop

# Disable USB Arbitrator
chkconfig usbarbitrator off

# Plug in the USB thumb drive

# Run list disks command again to locate the newly detected item
[rambo@testbox:~] ls /dev/disks/
mpx.vmhba32:C0:T0:L0
mpx.vmhba32:C0:T0:L0:1
mpx.vmhba33:C0:T0:L0
mpx.vmhba33:C0:T0:L0:1
mpx.vmhba33:C0:T0:L0:5
mpx.vmhba33:C0:T0:L0:6
mpx.vmhba33:C0:T0:L0:7
mpx.vmhba33:C0:T0:L0:8
mpx.vmhba33:C0:T0:L0:9
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1
vml.0000000000766d68626133323a303a30
vml.0000000000766d68626133323a303a30:1
vml.0000000000766d68626133333a303a30
vml.0000000000766d68626133333a303a30:1
vml.0000000000766d68626133333a303a30:5
vml.0000000000766d68626133333a303a30:6
vml.0000000000766d68626133333a303a30:7
vml.0000000000766d68626133333a303a30:8
vml.0000000000766d68626133333a303a30:9
vml.0100000000533235304e5830483833353139324a202020202053616d73756e
vml.0100000000533235304e5830483833353139324a202020202053616d73756e:1

# Make partition table for new disk
partedUtil mklabel /dev/disks/vml.0000000000766d68626133323a303a30 gpt

# Find end sector
partedUtil getptbl /dev/disks/vml.0000000000766d68626133323a303a30

[rambo@testbox:~] partedUtil getptbl /dev/disks/vml.0000000000766d68626133323a303a30
Error: The primary GPT table on '/dev/disks/mpx.vmhba32:C0:T0:L0' is OK, but secondary is corrupt. Fix secondary table? This will move secondary at the end in case it is not at the end already. It will also set LastUsableLBA to use all the space at the end. diskSize (1048576000) AlternateLBA (1048575999) LastUsableLBA (1048575966)
gpt
65270 255 63 1048576000

# Calculate
# 65270 * 255 * 63 - 1 = 1048562549

# Create VMFS partition
# The start sector is always 2048
# The GUID for VMFS is AA31E02A400F11DB9590000C2911D1B8
partedUtil setptbl /dev/disks/vml.0000000000766d68626133323a303a30 gpt "1 2048 1048562549 AA31E02A400F11DB9590000C2911D1B8 0"

# An example of command being successful
[rambo@testbox:~] partedUtil setptbl /dev/disks/vml.01000000003443353330303030323430343230313035353335556c74726120 gpt "1 2048 240252074 AA31E02A400F11DB9590000C2911D1B8 0"
gpt
0 0 0 0
1 2048 240252074 AA31E02A400F11DB9590000C2911D1B8 0
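
The end-sector arithmetic and partition spec used above, wrapped in a small POSIX shell helper as an added example (not part of the original post). The function names, the sample text and the `<device-id>` placeholder are constructed here; the 34-sector tail check comes from the diskSize and LastUsableLBA values in the error text above and assumes 512-byte sectors.

```shell
#!/bin/sh
# Added example: derive the VMFS end sector and the setptbl partition spec
# from `partedUtil getptbl` output, refusing values that cannot be right.

VMFS_GUID="AA31E02A400F11DB9590000C2911D1B8"  # VMFS type GUID quoted on this page
START_SECTOR=2048                             # start sector used on this page
GPT_TAIL=34  # diskSize (1048576000) minus LastUsableLBA (1048575966) shown above

# Constructed sample: the getptbl output shown above, error text shortened.
SAMPLE_GETPTBL='Error: The primary GPT table is OK, but secondary is corrupt.
gpt
65270 255 63 1048576000'

# end_sector TEXT
# Finds the geometry line (exactly four integers: cylinders heads sectors total),
# prints cylinders * heads * sectors - 1, and fails if the result is unusable.
end_sector() {
    geom=$(printf '%s\n' "$1" | grep -E '^[0-9]+ [0-9]+ [0-9]+ [0-9]+$' | head -n 1)
    if [ -z "$geom" ]; then
        echo "no geometry line in getptbl output" >&2
        return 1
    fi
    # Split the four fields into positional parameters (local to this function).
    set -- $geom
    cyl=$1 heads=$2 spt=$3 total=$4
    if [ "$cyl" -eq 0 ] || [ "$heads" -eq 0 ] || [ "$spt" -eq 0 ]; then
        echo "geometry contains a zero field: $geom" >&2
        return 1
    fi
    end=$(( cyl * heads * spt - 1 ))
    # The partition must end after it starts and stay clear of the backup GPT.
    if [ "$end" -le "$START_SECTOR" ] || [ "$end" -gt $(( total - GPT_TAIL )) ]; then
        echo "computed end sector $end is outside the usable range" >&2
        return 1
    fi
    echo "$end"
}

# setptbl_spec TEXT
# Prints the quoted argument for `partedUtil setptbl <device> gpt "..."`.
setptbl_spec() {
    spec_end=$(end_sector "$1") || return 1
    printf '1 %s %s %s 0\n' "$START_SECTOR" "$spec_end" "$VMFS_GUID"
}

# Print the command for review instead of running it; DEVICE is a placeholder.
DEVICE="/dev/disks/<device-id>"
if spec=$(setptbl_spec "$SAMPLE_GETPTBL"); then
    echo "partedUtil setptbl $DEVICE gpt \"$spec\""
fi
```

On a host, pass the live output instead of the sample, for example `setptbl_spec "$(partedUtil getptbl /dev/disks/<device-id> 2>&1)"`.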

# Run this command if the existing gpt disk has errors
[rambo@testbox:~] partedUtil fixGpt /dev/disks/vml.0000000000766d68626133323a303a30
FixGpt tries to fix any problems detected in GPT table.
Please ensure that you don't run this on any RDM (Raw Device Mapping) disk.
Are you sure you want to continue (Y/N): Y
Error: The primary GPT table on '/dev/disks/mpx.vmhba32:C0:T0:L0' is OK, but secondary is corrupt. Fix secondary table? This will move secondary at the end in case it is not at the end already. It will also set LastUsableLBA to use all the space at the end. diskSize (1048576000) AlternateLBA (1048575999) LastUsableLBA (1048575966)
Fix/Ignore/Cancel? Fix
gpt
65270 255 63 1048576000
1 2048 1048562549 AA31E02A400F11DB9590000C2911D1B8 vmfs 0

# Format partition with vmfs6
vmkfstools -C vmfs6 -S USB-Datastore1 /dev/disks/vml.0000000000766d68626133323a303a30:1

# Example of successful command
[rambo@testbox:~] vmkfstools -C vmfs6 -S USB-Datastore /dev/disks/vml.01000000003443353330303030323430343230313035353335556c74726120:1
create fs deviceName:'/dev/disks/vml.01000000003443353330303030323430343230313035353335556c74726120:1', fsShortName:'vmfs6', fsName:'USB-Datastore'
deviceFullPath:/dev/disks/t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1 deviceFile:t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1
ATS on device /dev/disks/t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1: not supported
.
Checking if remote hosts are using this device as a valid file system. This may take a few seconds...
Creating vmfs6 file system on "t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1" with blockSize 1048576, unmapGranularity 1048576, unmapPriority default and volume label "USB-Datastore".
Successfully created new volume: 5d5ab29d-2aa0b031-7cbf-94c691abb6e2

# Check mounts
esxcfg-scsidevs -m

[rambo@testbox:~] esxcfg-scsidevs -m
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1 /vmfs/devices/disks/t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1 5c8206f0-49fe1606-76b6-94c691abb6e2 0 SamsungSSD
mpx.vmhba32:C0:T0:L0:1 /vmfs/devices/disks/mpx.vmhba32:C0:T0:L0:1 5d59f580-2570f44c-5b05-94c691abb6e2 0 USB-Datastore1

[root@esx1:~] esxcfg-scsidevs -m
t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1 /vmfs/devices/disks/t10.ATA_____Samsung_SSD_850_PRO_512GB_______________S250NX0H835192J_____:1 5c8206f0-49fe1606-76b6-94c691abb6e2 0 SamsungSSD
t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1 /vmfs/devices/disks/t10.SanDisk00Ultra00000000000000000000004C530000240420105535:1 5d5ab29d-2aa0b031-7cbf-94c691abb6e2 0 USB-Datastore

ESXi 6.5 Installation Instructions

Prepare to Install


⦁ Reserve host Management & vMotion IPs

⦁ Pick an available IP from the IP tracking spreadsheet
⦁ Ping the IP to ensure that it is not being used by an existing device
⦁ Confirm with Systems/Network Team that such IP could be assigned without conflicts

⦁ Add DNS entry of new host into Active Directory Integrated DNS

⦁ Access a DNS server
⦁ Run MMC DNS utility to add A-host and Reverse Lookup records for new host following the below example

⦁ Install SSH client & Internet browser onto client workstation

⦁ Add an SSH client such as OpenSSH Client or PuTTY
⦁ Verify that Internet Explorer, Chrome, or Firefox with HTML5 capability is available

⦁ Verify that the ISO is available at this path: ⦁ \\nas\System Engineering\Software\VMware\
⦁ Apply Server Profile

⦁ Prior to applying a server profile, the targeted host must be turned off: OneView > Server Hardware > Select the appropriate Server Item > Click on Actions > Power Off

 

⦁ Create Server Profile

OneView > Server Hardware > Select the appropriate Server Item > Click on “Create Profile” from the Hardware section > mimic this screenshot to apply an ESXi Template

Initialize ESXi host

⦁ Launch iLO Console to mount the ESXi virtual ISO

⦁ Access OneView > Server Profiles > Actions > Launch Console

⦁ Assuming that the HTML5 or Java iLO Web Part has already been installed prior, this screen should appear

⦁ “Virtual Drives” is set via the Image File option

Begin the Install

⦁ Click on Power Switch and allow POST to proceed and pause at this screen

⦁ Click Continue and follow the prompt to arrive here

⦁ Do not perform an in-place upgrade of an older version if prompted. Select overwrite for the installation.
⦁ Generate the root password according to our standardized requirements
⦁ Input the host’s root password into Passwords Safe
⦁ Press F2 to log into the console for the initial “System Customization”
⦁ From the “Troubleshooting Options” screen, Enable the ESXi Shell and SSH

⦁ Set management console IP, subnet and default gateway (sample below)

⦁ Disable IPv6 configuration

⦁ Set in lower case the FQDN hostname and DNS servers:
⦁ Mars: Primary 10.10.10.10 Secondary 10.10.10.11
⦁ Venus: Primary 10.10.20.10 Secondary 10.10.20.11

⦁ Set the domain name for Custom DNS Suffixes

⦁ Test Management Network Settings
⦁ Ping the management console IP to test the network settings.
⦁ Verify setup by using the Testing Management Network utility

Perform More Configurations via SSH

Engineers may prefer to use the console shell or an SSH client such as PuTTY to execute these lines. These instructions are intended for those who are already familiar with ESXi servers and CLI commands; availability of CLI tools on the engineer’s PC is assumed.

Isolation Tools

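⦁ Execute the following commands from the CLI as the root user. Setting both values to "FALSE" enables copy and paste between guest consoles and the client workstation for every VM on the host: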

cp -p /etc/vmware/config /etc/vmware/config.orig

echo 'isolation.tools.copy.disable = "FALSE"' >> /etc/vmware/config

echo 'isolation.tools.paste.disable = "FALSE"' >> /etc/vmware/config

cat /etc/vmware/config

Add centralized logging

⦁ Execute the following command from the CLI (assuming 10.10.10.100 is the syslog server):

esxcli system syslog config set --loghost='udp://10.10.10.100:514'

esxcli system syslog reload

esxcli network firewall ruleset set --ruleset-id=syslog --enabled=true

esxcli network firewall refresh

⦁ Check settings:

[KIMCONNECT\admin@FLO-ESX05:~] esxcli system syslog config get
Default Network Retry Timeout: 180
Dropped Log File Rotation Size: 100
Dropped Log File Rotations: 10
Enforce SSLCertificates: true
Local Log Output: /scratch/log
Local Log Output Is Configured: false
Local Log Output Is Persistent: true
Local Logging Default Rotation Size: 1024
Local Logging Default Rotations: 8
Log To Unique Subdirectory: false
Message Queue Drop Mark: 90
Remote Host: udp://10.10.10.100:514

ESXi Storage configuration
Change default pathing policy and IOPS options

⦁ Execute the following command from the CLI to set the default PSP:

esxcli storage nmp satp set --default-psp=VMW_PSP_RR --satp=VMW_SATP_ALUA

⦁ Use the following command to create a custom SATP rule that will allow the ESXi host to configure the HPE 3PAR LUNs to use Round Robin multipath policy. The command must be executed on each ESXi host that is connected to the HPE 3PAR array.

esxcli storage nmp satp rule add -s "VMW_SATP_ALUA" -P "VMW_PSP_RR" -O "iops=1" -c "tpgs_on" -V "3PARdata" -M "VV" -e "HPE 3PAR Custom Rule"

⦁ Verify the new rule using the following commands:

esxcli storage nmp device list
esxcli storage nmp satp list
esxcli storage nmp satp rule list | grep "3PARdata"

⦁ Set the queue-full-threshold parameter to a value less than or equal to queue-full-sample-size:

esxcli system settings advanced set -o /Disk/QFullSampleSize -i "32"
esxcli system settings advanced set -o /Disk/QFullThreshold -i "4"

⦁ Disable ATS heartbeats:

esxcli system settings advanced set -i 0 -o /VMFS3/UseATSForHBOnVMFS5

⦁ Review settings:

esxcli system settings advanced list -o /VMFS3/UseATSForHBOnVMFS5

Secure ESXi Host
Configure TLS

Run the following command to disable SSLv3, TLS 1.0 and TLS 1.1 through the UserVars.ESXiVPsDisabledProtocols advanced setting, leaving only TLS 1.2 enabled:

esxcli system settings advanced set -o /UserVars/ESXiVPsDisabledProtocols -s "sslv3,tlsv1,tlsv1.1"

Edit the config.xml file
⦁ Make a backup of config.xml

cp -p /etc/vmware/rhttpproxy/config.xml /etc/vmware/rhttpproxy/config.xml_orig

⦁ Edit the config file using vi text editor

vi /etc/vmware/rhttpproxy/config.xml

⦁ Type /ssl to search for that keyword > press enter > edit the SSL section with this:

<ssl>
<doVersionCheck> true </doVersionCheck>
<!-- allowed SSL/TLS protocol versions -->
<protocols>tls1.2</protocols>
<cipherList>!aNULL:kECDH+AESGCM:ECDH+AESGCM:!RSA+AESGCM:kECDH+AES:ECDH+AES:!RSA+AES</cipherList>
<libraryPath>/lib/</libraryPath>
</ssl>

Add TLS and Cipher Settings

TLS and cipher settings are set inside the configuration file of the small footprint CIM broker (SFCB), since that Common Information Model (CIM) provider controls sfcbd and openwsman in ESXi 6.5. WBEM must be disabled for changes in SFCB to become effective.

⦁ Disable WBEM by executing the following command

esxcli system wbem set --enable false

⦁ Make a backup of sfcb.cfg

cp -p /etc/sfcb/sfcb.cfg /etc/sfcb/sfcb.cfg_orig

⦁ Append some lines to the tail of sfcb.cfg file

cat << EOT >> /etc/sfcb/sfcb.cfg
enableTLSv1:false
enableTLSv1_1:false
enableTLSv1_2:true
sslCipherList:!aNULL:kECDH+AESGCM:ECDH+AESGCM:kECDH+AES:ECDH+AES
EOT

⦁ Re-enable the WBEM services.

esxcli system wbem set --enable true

Disable remote SSH root login and CBC cipher

These procedures will require a host reboot or systems reload to become effective. Please be advised that once this policy is active, CLI root commands will be prevented.

⦁ Backup the sshd_config file prior to changing it

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

⦁ Execute the following command from the CLI to disable remote root login and CBC Ciphers

⦁ Execute the following command to confirm new settings

cat /etc/ssh/sshd_config
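
One way to turn the confirmation step above into a pass/fail check, as an added example that is not part of the original post. It reads sshd_config text and reports whether the effective `PermitRootLogin` is `no` and whether an explicit `Ciphers` line still lists CBC ciphers; the three samples and the function names are constructed, and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example: audit sshd_config text for remote root login and CBC ciphers.
# All three samples below are constructed for illustration.

WEAK_SAMPLE='# constructed sample: before hardening
PermitRootLogin yes
Ciphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc'

# A hardening line appended at the end of the file is shadowed by the earlier
# one, because sshd uses the first value it reads for each keyword.
SHADOWED_SAMPLE='# constructed sample: "no" appended after an existing "yes"
PermitRootLogin yes
Ciphers aes128-ctr,aes256-ctr
PermitRootLogin no'

HARDENED_SAMPLE='# constructed sample: after hardening
PermitRootLogin no
Ciphers aes128-ctr,aes192-ctr,aes256-ctr'

# effective_value TEXT KEYWORD
# Prints the value of the first uncommented KEYWORD line (keywords are
# case-insensitive in sshd_config). Prints nothing if the keyword is absent.
effective_value() {
    printf '%s\n' "$1" | awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }'
}

# audit_sshd TEXT
# Prints one finding per setting and returns 0 only if both settings pass.
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    ciphers=$(effective_value "$1" Ciphers)

    case "$root" in
        [Nn][Oo]) echo "PASS PermitRootLogin no" ;;
        *)        echo "FAIL PermitRootLogin is '${root:-unset}'"; rc=1 ;;
    esac

    case "$ciphers" in
        "")
            echo "FAIL no explicit Ciphers line, defaults not verified"; rc=1 ;;
        [+^-]*)
            # A leading +, - or ^ edits the default list instead of replacing it.
            echo "REVIEW Ciphers modifies the default list: $ciphers"; rc=1 ;;
        *)
            cbc=$(printf '%s\n' "$ciphers" | tr ', ' '\n\n' | grep -i -e '-cbc' | tr '\n' ' ')
            if [ -n "$cbc" ]; then
                echo "FAIL CBC ciphers enabled: $cbc"; rc=1
            else
                echo "PASS no CBC ciphers in: $ciphers"
            fi ;;
    esac
    return $rc
}

# Run the audit over the constructed samples.
for sample in "$WEAK_SAMPLE" "$SHADOWED_SAMPLE" "$HARDENED_SAMPLE"; do
    audit_sshd "$sample" || echo "=> not compliant"
    echo "---"
done
```

On a host, audit the live file with `audit_sshd "$(cat /etc/ssh/sshd_config)"`.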

Optional: Re-enable SSH Root Login

In the event that SSH root login is required (or when Active Directory integration is broken), this is the method to reverse the changes from the previous sub-section.

⦁ Gain console access to ESXi host
⦁ If using HPE OneView: click on OneView > Server Profiles > highlight the correct ESXi host name > click on Actions > Launch Console
⦁ If using iLO: simply login to the iLO IP address or hostname of the intended machine and launch console
⦁ Edit sshd_config via ESX Shell within console
⦁ At the login screen, press Alt + F1 to enter Shell Mode
⦁ Execute the following command from the CLI to disable remote root login and CBC Ciphers:
⦁ Restart sshd
/etc/init.d/SSH restart
⦁ Exit Shell Mode by pressing Alt + F2

Further Configuration via Web UI

⦁ Navigate to the ESXi server Web UI URL using Internet Explorer or Chrome: https://servername_or_IP/

⦁ Uncheck Join the VMware Customer Experience Improvement Program. This prompt only appears once upon initial login.

⦁ Right click on Host to “Enter Maintenance mode”

⦁ Set Admin Groups

⦁ Navigate to the “Manage” menu, click on the “System” tab and under Advanced Settings, rename the “Config.HostAgent.plugins.hostsvc.esxAdminsGroup” value to “VMware Enterprise Admins”

⦁ On the “System” tab under Advanced Settings, change the “UserVars.SuppressShellWarning” value to “1”

Configure time sources

⦁ Navigate to Manage > System > Time & date > Edit settings
⦁ Select Start and stop with host for the NTP Service Start Policy
⦁ Set the appropriate NTP servers, separating them with commas
10.10.10.10, 10.10.10.11 (DC1 & DC2)
⦁ Save settings
⦁ Click on Actions > NTP Service > Start

Set Certificates
Rename local data stores

Navigate to the “Storage” menu > rename the local Datastore to HOSTNAME_001 (e.g. FLO-ESX05_001)

Join Active Directory

⦁ Click on “Manage” > “Security and users” > “Authentication” > “Join Domain”
⦁ Use a Domain Admin account to complete this step

Configure Networking

⦁ Click on “Networking” > right-click “VM Network” > Remove
⦁ Select Virtual Switches tab > right-click vSwitch0 > Add Uplink > configure all the Security settings to Reject > Save

⦁ Click Add standard virtual switch > name it vSwitch1 > set vmnic 6 as uplink 1 > Add > right-click vSwitch1 > Add uplink > select vmnic7 > Save

⦁ Select the VMKernel NICs tab > Add VMkernel NIC > set New port group as “vMotion” > click IPv4 settings > input an assigned static IP and Subnet mask > set TCP/IP stack as “vMotion stack” > Create

⦁ Click on Port groups tab > add a new port group with the format of 082_10.X.X to vSwitch0

⦁ Right-click “Management Network” port group > NIC Teaming > confirm the Override failover order for the NIC teaming of “vmnic1” as “Standby” > Save

⦁ Right-click “vMotion” port group > NIC Teaming > set NIC Teaming Failover order of “vmnic0” as “Standby” > Save

⦁ Select Port groups tab > add a new port group named vCSA-HA to vSwitch1 with default settings

⦁ Select Port groups tab > add a new port group named MSCS to vSwitch1 with default settings

vCenter Integration
Add ESXi host to vCenter

⦁ Log into the vCenter vSphere Web Client and add the ESXi host to the data center object.
⦁ This screenshot is showing a new host addition to the LAS cluster

Licensing

⦁ Licensing options may already have been set in the previous step. In case it has been bypassed, here is the sequence to access this screen:
Select host > Configure > System > Licensing > Assign License

⦁ Associate new host with a valid license (VMware vCloud Suite Advanced for vSphere 6)

Configure with vSphere Distributed Switch

This section assumes that the Distributed Switch(es) have already been created and that the new ESXi host is to be added to them.

⦁ From the “Networking” tab, locate and right-click on the desired “vSphere Distributed Switch”

⦁ Click on “Add and Manage Host,” then follow the wizard to completion while matching these hinting screenshots
⦁ Uncheck the default selection of “Manage VMkernel adapters” while following the wizard prompts

⦁ Set vmnic4 & vmnic5 as uplinks


Update VMware Host
VMware Update Manager

⦁ Ensure that the host is in “Maintenance” mode.
⦁ From the “Update Manager” tab, highlight the server and click on the “Scan” link from the top right corner.
⦁ After the scan has completed, click on the “Stage Patches” button. Select these baselines to stage the targeted host:

⦁ Critical Host Patches (Predefined)
⦁ Non-Critical Host Patches (Predefined)

⦁ Click on Remediate and apply the patches using the default choices presented by the wizard. The machine will reboot during this process.

⦁ Enable the ESXi Side-Channel-Aware Scheduler using the vSphere Web Client.

Click on Configure > Advanced System Settings > Search for “VMkernel.Boot.HyperthreadingMitigation” > Edit > Search for “Restrict” > select “Enabled” > OK

Scan for Vulnerabilities

⦁ Notify Information Security team to perform a risk assessment with a vulnerability scan.
⦁ Remediate any identified vulnerabilities.

Validate Machine Production Ready

⦁ Move one test VM to this new ESXi host to verify functionality (like login, ping from remote host…).

Set Host as Ready for production

⦁ Move the ESXi host to the proper cluster.
⦁ Notify Infrastructure team of the new ESXi host availability

Troubleshooting Section

⦁ Unable to connect via vSphere Client with this error:

Resolution: install the correct version of vSphere Client or use the browser based version of vSphere client to connect to the ESXi host.

⦁ How to restart all services on ESXi without a reboot

services.sh restart

⦁ Restart host management agents

/etc/init.d/hostd restart
/etc/init.d/vpxa restart

PowerShell: Hyper-V Management

Migrate Live Virtual Machines (In Clustered Environment):
# Connect to Hyper-V Host
$remoteHost="HYPERV01"
Enter-PsSession $remoteHost
# Move all VMs to another Hyper-V Host in a Clustered Environment

# Set Variables
$AllHyperVHosts={(Get-ClusterNode | Where { $_.State -eq "Up" }).Name | %{$_.ToLower()}}.Invoke() # Cast result as Array type
$otherHyperVHosts=$AllHyperVHosts -ne "$(($env:computername).ToLower())" # Operate on array
$allRunningVMs=Get-VM | Where { $_.State -eq "Running" } | select Name,Path

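function selectHyperVHost{
    # List the candidate hosts with an index number
    $i=0
    $otherHyperVHosts | %{"$i`. $_";$i++;}
    # Keep prompting until a valid numeric index is entered
    do {
        $hostIndex=Read-Host -Prompt 'Select the index number corresponding to target host name'
    } until ($hostIndex -match '^\d+$' -and [int]$hostIndex -lt $otherHyperVHosts.length)
    $GLOBAL:selectedHost=$otherHyperVHosts[[int]$hostIndex]
}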

# Recurse into array of VM names, move each vm to the other host
selectHyperVHost
$allRunningVMs | %{Move-ClusterVirtualMachineRole -Name $_.Name -Node $selectedHost}
# Drain role of this node
Suspend-ClusterNode -Name $env:computername -Target $selectedHost -Drain

# Resume roles of this suspended node
Resume-ClusterNode $env:computername

# Resume roles of all suspended nodes
Get-ClusterNode | Resume-ClusterNode -Failback Immediate

Sample Output

PS C:\Windows\system32> $allRunningVMs | %{Move-ClusterVirtualMachineRole -Name $_.Name -Node $selectedHost}

Name OwnerNode State
---- --------- -----
Berlin Aruba ClearPass Policy Manag... hv01 Online
Berlin DFS Namespace Server 01 hv01 Online
Berlin DHCP Core hv01 Online
Berlin Domain Controller 01 hv01 Online
Berlin Domain Controller 02 hv01 Online
Berlin Exchange 02 hv01 Online
Berlin File Server 01 hv01 Online
Berlin Management Server hv01 Online
MoscowIT Certificate Authority 01 hv01 Online

Reference commands:
# List Running VMs
Get-VM | Where { $_.State -eq "Running" }

Name State CPUUsage(%) MemoryAssigned(M) Uptime Status
---- ----- ----------- ----------------- ------ ------
Exchange 01 Running 1 32768 158.00:10:24 Operating normally
ADFS Running 0 4096 1.09:56:41 Operating normally

# Force shutdown of all running VMs
$allRunningVMs=(Get-VM | Where { $_.State -eq "Running" }).Name
$allRunningVMs | %{Stop-VM -Name $_ -Force}

# Move 1 VM to another Host
$otherHyperVHost="HYPERV02"
$destinationStoragePath="C:\ClusterStorage"
$vmToMove="SOMEVM"

# Unclustered VM move
Move-VM $vmToMove $otherHyperVHost -IncludeStorage -DestinationStoragePath "$destinationStoragePath`\$($vmToMove -replace '\s','')"

# Live migration
Move-ClusterVirtualMachineRole -Name $vmToMove -Node $otherHyperVHost

# Offline resource migration
Move-ClusterGroup -Name $vmToMove -Node $otherHyperVHost
# Move all VMs to another Hyper-V Host in an Unclustered Environment
$otherHyperVHost="HYPERV02"
$destinationStoragePath="C:\ClusterStorage"
$allVMs=(Get-VM).Name

# Recurse into array of VM names, move each vm to the other host with storage destination paths using labels of each VM (spaces removed)
$allVMs |%{Move-VM $_ $otherHyperVHost -IncludeStorage -DestinationStoragePath "$destinationStoragePath`\$($_ -replace '\s','')"}

PowerShell: Connect to Azure CLI

# Set PSGallery as trusted to bypass prompts
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted -WarningAction SilentlyContinue
# Configure PSSession to authenticate to intranet proxy, if exists
(New-Object System.Net.WebClient).Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
# Install the Az PowerShell module
Install-Module -Name Az -AllowClobber
# Set Credentials
$username="dude1@kimconnect.com"
$password=ConvertTo-SecureString -AsPlainText "PASSWORD" -Force
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username,$password
$tenant="xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx"
# Connect to Azure the normal way
Connect-AzAccount -Credential $cred
# Connect to Azure the funky way
Connect-AzAccount -Credential $cred -Tenant $tenant -ServicePrincipal
# Connect to Azure with 2nd Factor Authentication
...

Docker: Update Startup Policy for Running Containers

# Update only 1 container by name (instead of ID)
docker update --restart=always kimconnect
# View existing container IDs
docker ps -q
6c65da0f8c1d
4a91a766b3db
f9b235680fa2
# View containers by names and statuses
docker ps --all --format "table {{.Names}}\t{{.Status}}\t{{.RunningFor}}"
NAMES STATUS CREATED
shellinabox Exited (137) 18 minutes ago 4 weeks ago
kimconnect Up 17 minutes 3 months ago
openproject Exited (137) 4 weeks ago 4 months ago
mysql-server Up 23 minutes (healthy) 4 months ago
blog Exited (0) 4 weeks ago 4 months ago
alpine Exited (137) 4 months ago 4 months ago
portainer Up 23 minutes 4 months ago
# Update restart policies for all currently running containers
docker update --restart=always $(docker ps -q)
6c65da0f8c1d
4a91a766b3db
f9b235680fa2

AWS-CLI: Detach A Volume

Check Volume’s Status
PS C:\Windows> aws ec2 describe-volumes --region us-west-1 --volume-ids vol-0a0f16ef5a9d69a29
{
    "Volumes": [
        {
            "Attachments": [
                {
                    "AttachTime": "2019-06-10T04:49:02.000Z",
                    "Device": "/dev/sda1",
                    "InstanceId": "i-0c8a54804bdef133a",
                    "State": "attached",
                    "VolumeId": "vol-0a0f16ef5a9d69a29",
                    "DeleteOnTermination": false
                }
            ],
            "AvailabilityZone": "us-west-1c",
            "CreateTime": "2019-06-10T04:34:51.619Z",
            "Encrypted": true,
            "Size": 30,
            "SnapshotId": "snap-041a3825ebe9c3c33",
            "State": "in-use",
            "VolumeId": "vol-0a0f16ef5a9d69a29",
            "Iops": 100,
            "Tags": [
                {
                    "Key": "Name",
                    "Value": "kimconnect"
                }
            ],
            "VolumeType": "gp2"
        }
    ]
}

Since the volume is currently mounted as /dev/sda1 on InstanceID i-0c8a54804bdef133a, it must be unmounted prior to a detachment

To detach this...

Now, the force detach command

...

Install AWS Command Line Interface on Windoze

Obtain AWS Access Key:

Log into AWS > click on your User Name > My Security Credentials > acknowledge any warnings > click on Access keys (access key ID and secret access key) > download key

Install AWS-CLI:

Assuming that Chocolatey is installed on the system:

choco install awscli -y

Configure AWS-CLI:

& "C:\Program Files\Amazon\AWSCLI\bin\aws.exe" configure

Example output:

PS C:\Windows\system32> & "C:\Program Files\Amazon\AWSCLI\bin\aws.exe" configure
AWS Access Key ID [None]: AKIAHONDA_TOYOTA_BEST_BRANDS
AWS Secret Access Key [None]: VCLE_WASSUP_BRO_WERE_GOING_HI_TECH_NOW
Default region name [None]: us-west-1
Default output format [None]: json

Check Version:

PS C:\Windows> & "C:\Program Files\Amazon\AWSCLI\bin\aws.exe" --version
aws-cli/1.16.193 Python/3.6.0 Windows/10 botocore/1.12.183

Add AWS-CLI into Environmental Path:

$awsCliPath="C:\Program Files\Amazon\AWSCLI\bin"
$env:Path += ";$awsCliPath"

How To Use Putty with an AWS Private Key

Step 1: convert .PEM file into a .PPK format

Run puttygen.exe

Click on Load

Navigate to a .PEM file as downloaded from AWS > click OK to select it

Click Save Private Key > place the resulting .PPK file onto the Desktop

Step 2: Configure putty to use the generated .PPK file

Run: putty.exe > navigate to Connection > SSH > Auth > click on Browse to import the .PPK file as generated by the previous step

Navigate to Connection > set the keepalive packets interval to 60 [seconds]

Navigate back to Session > input the connection string URL (e.g. tupac_shakur@kimconnect.com) > set port number >  give this setup a name > Save > Open when ready to connect

Hyper-V Administration Console

Install the Hyper-V Management Console

# Windows 2016 or higher: install the Hyper-V management tool pack (Hyper-V Manager and the Hyper-V PowerShell module)

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Tools-All

Output:

PS C:\Windows\system32> Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Tools-All
Path :
Online : True
RestartNeeded : False

Alternate output:

PS C:\Windows\system32> Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Tools-All
Enable-WindowsOptionalFeature : Feature name Microsoft-Hyper-V-Tools-All is unknown.
At line:1 char:1
+ Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Enable-WindowsOptionalFeature], COMException
+ FullyQualifiedErrorId : Microsoft.Dism.Commands.EnableWindowsOptionalFeatureCommand

PS C:\Windows\system32> add-windowsfeature rsat-hyper-v-tools

Success Restart Needed Exit Code Feature Result
------- -------------- --------- --------------
True No Success {Hyper-V Module for Windows PowerShell, Hy...

# Windows 2008 R2

# Import this to avoid error: The term 'add-windowsfeature' is not recognized as the name of a cmdlet
Import-Module servermanager

# Install hyper-v manager
add-windowsfeature rsat-hyper-v-tools

# Initiate the Hyper-V Manager

virtmgmt.msc

Start the Hyper-V Management Console:

Run: virtmgmt.msc > right-click Hyper-V Manager > Connect to Server… > click the radio button next to ‘Another computer:’ selection > input the Hyper-V host name > OK > repeat process to add other Hyper-V nodes onto this management console

After the servers have been added into the console, the list will be automatically saved. Hence, closing and re-opening of the Hyper-V console will call this list as defaults

CentOS System Rescue on AWS

Once upon a ‘right-now’ time, an EC2 instance on AWS would not come back online after a graceful reboot command.

The log extract:

Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-957.12.2.el7.x86_64 #1
Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006

For unknown reasons, no amount of restarts or stop-and-waits would bring this machine back alive. One then had to resort to the system rescue procedure as follows:

Create a new instance using a similar AMI > take a snapshot of old volume from old instance > detach the volume from old instance > attach old volume to new machine at /dev/sda2 > ssh into new instance by following this procedure > then follow these next steps

# Check existing mount points

[centos@ip-1.1.1.1 ~]$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
xvda 202:0 0 30G 0 disk
└─xvda1 202:1 0 30G 0 part
xvdb 202:16 0 30G 0 disk
└─xvdb1 202:17 0 30G 0 part /

From the information above, it appears that /dev/sda2 has been recognized by AWS as xvdb1 and subsequently mounted at root, or /. On closer inspection, it appears that the system has come back online with its formerly installed apps and data. The next question is whether /dev/sda1, or xvda1, could be removed without adverse effect on the system. Once multiple backup copies of this instance have been made and there’s extra time to do another maintenance, this question would be answered.

For those who may Google similar error codes, this long log should pull those who have freshly experienced this ‘wata heck’ issue:

[ 0.297134] ACPI: Added _OSI(Module Device)
[ 0.298006] ACPI: Added _OSI(Processor Device)
[ 0.299007] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.300005] ACPI: Added _OSI(Processor Aggregator Device)
[ 0.301023] ACPI: Added _OSI(Linux-Dell-Video)
[ 0.306282] ACPI: Interpreter enabled
[ 0.307017] ACPI: (supports S0 S3 S4 S5)
[ 0.308004] ACPI: Using IOAPIC for interrupt routing
[ 0.309039] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[ 0.310225] ACPI: Enabled 2 GPEs in block 00 to 0F
[ 0.375933] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[ 0.376013] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI]
[ 0.377016] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM
[ 0.378016] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
[ 0.379970] acpiphp: Slot [0] registered
[ 0.380983] acpiphp: Slot [3] registered
[ 0.381375] acpiphp: Slot [4] registered
[ 0.382441] acpiphp: Slot [5] registered
[ 0.383406] acpiphp: Slot [6] registered
[ 0.384396] acpiphp: Slot [7] registered
[ 0.385439] acpiphp: Slot [8] registered
[ 0.386425] acpiphp: Slot [9] registered
[ 0.387408] acpiphp: Slot [10] registered
[ 0.388407] acpiphp: Slot [11] registered
[ 0.389425] acpiphp: Slot [12] registered
[ 0.390410] acpiphp: Slot [13] registered
[ 0.391392] acpiphp: Slot [14] registered
[ 0.392404] acpiphp: Slot [15] registered
[ 0.393389] acpiphp: Slot [16] registered
[ 0.394435] acpiphp: Slot [17] registered
[ 0.395494] acpiphp: Slot [18] registered
[ 0.396422] acpiphp: Slot [19] registered
[ 0.397482] acpiphp: Slot [20] registered
[ 0.398482] acpiphp: Slot [21] registered
[ 0.399408] acpiphp: Slot [22] registered
[ 0.400502] acpiphp: Slot [23] registered
[ 0.401407] acpiphp: Slot [24] registered
[ 0.402484] acpiphp: Slot [25] registered
[ 0.403397] acpiphp: Slot [26] registered
[ 0.404441] acpiphp: Slot [27] registered
[ 0.405432] acpiphp: Slot [28] registered
[ 0.406526] acpiphp: Slot [29] registered
[ 0.407399] acpiphp: Slot [30] registered
[ 0.408380] acpiphp: Slot [31] registered
[ 0.409312] PCI host bridge to bus 0000:00
[ 0.410010] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
[ 0.411010] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
[ 0.412011] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[ 0.413017] pci_bus 0000:00: root bus resource [mem 0xf0000000-0xfbffffff window]
[ 0.414011] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 0.421917] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
[ 0.422009] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
[ 0.423006] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
[ 0.424009] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
[ 0.426000] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
[ 0.426000] * this clock source is slow. Consider trying other clock sources
[ 0.427404] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI
[ 0.434937] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
[ 0.438216] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
[ 0.442215] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
[ 0.446221] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
[ 0.469286] xen:balloon: Initialising balloon driver
[ 0.473175] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
[ 0.474007] vgaarb: loaded
[ 0.475006] vgaarb: bridge control possible 0000:00:02.0
[ 0.476114] SCSI subsystem initialized
[ 0.477037] ACPI: bus type USB registered
[ 0.478031] usbcore: registered new interface driver usbfs
[ 0.479020] usbcore: registered new interface driver hub
[ 0.480045] usbcore: registered new device driver usb
[ 0.481114] EDAC MC: Ver: 3.0.0
[ 0.482546] PCI: Using ACPI for IRQ routing
[ 0.483643] NetLabel: Initializing
[ 0.484007] NetLabel: domain hash size = 128
[ 0.485006] NetLabel: protocols = UNLABELED CIPSOv4
[ 0.486026] NetLabel: unlabeled traffic allowed by default
[ 0.487127] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
[ 0.488022] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[ 0.491005] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
[ 0.494005] amd_nb: Cannot enumerate AMD northbridges
[ 0.495025] Switched to clocksource xen
[ 0.502987] pnp: PnP ACPI init
[ 0.506078] ACPI: bus type PNP registered
[ 0.509742] system 00:00: [mem 0x00000000-0x0009ffff] could not be reserved
[ 0.515082] system 00:01: [io 0x08a0-0x08a3] has been reserved
[ 0.519785] system 00:01: [io 0x0cc0-0x0ccf] has been reserved
[ 0.552008] system 00:01: [io 0x04d0-0x04d1] has been reserved
[ 0.558029] system 00:07: [io 0x10c0-0x1141] has been reserved
[ 0.564061] system 00:07: [io 0xb044-0xb047] has been reserved
[ 0.590508] pnp: PnP ACPI: found 8 devices
[ 0.594853] ACPI: bus type PNP unregistered
[ 0.605064] NET: Registered protocol family 2
[ 0.610508] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.617676] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[ 0.624275] TCP: Hash tables configured (established 8192 bind 8192)
[ 0.630061] TCP: reno registered
[ 0.633681] UDP hash table entries: 512 (order: 2, 16384 bytes)
[ 0.639266] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[ 0.645364] NET: Registered protocol family 1
[ 0.649826] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 0.655835] pci 0000:00:01.0: PIIX3: Enabling Passive Release
[ 0.661358] pci 0000:00:01.0: Activating ISA DMA hang workarounds
[ 0.667681] RAPL PMU: API unit is 2^-32 Joules, 3 fixed counters, 655360 ms ovfl timer
[ 0.676002] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules
[ 0.682016] RAPL PMU: hw unit of domain package 2^-14 Joules
[ 0.687371] RAPL PMU: hw unit of domain dram 2^-16 Joules
[ 0.692910] sha1_ssse3: Using AVX2 optimized SHA-1 implementation
[ 0.699536] sha256_ssse3: Using AVX2 optimized SHA-256 implementation
[ 0.705996] futex hash table entries: 4096 (order: 6, 262144 bytes)
[ 0.712010] Initialise system trusted keyring
[ 0.716803] audit: initializing netlink socket (disabled)
[ 0.722344] type=2000 audit(1560141239.309:1): initialized
[ 0.750474] HugeTLB registered 2 MB page size, pre-allocated 0 pages
[ 0.757885] zpool: loaded
[ 0.761566] zbud: loaded
[ 0.765013] VFS: Disk quotas dquot_6.5.2
[ 0.769394] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.776247] msgmni has been set to 1973
[ 0.780822] Key type big_key registered
[ 0.785563] NET: Registered protocol family 38
[ 0.790088] Key type asymmetric registered
[ 0.794607] Asymmetric key parser 'x509' registered
[ 0.799566] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[ 0.807409] io scheduler noop registered
[ 0.811807] io scheduler deadline registered (default)
[ 0.816942] io scheduler cfq registered
[ 0.821341] io scheduler mq-deadline registered
[ 0.826006] io scheduler kyber registered
[ 0.830426] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 0.836212] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[ 0.842340] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 0.848988] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 0.857067] ACPI: Power Button [PWRF]
[ 0.861291] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 0.869235] ACPI: Sleep Button [SLPF]
[ 0.873456] GHES: HEST is not enabled!
[ 0.878087] xen:grant_table: Grant tables using version 1 layout
[ 0.884113] Grant table initialized
[ 0.888241] Cannot get hvm parameter CONSOLE_EVTCHN (18): -22!
[ 0.893926] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 0.930588] 00:06: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 0.936943] Non-volatile memory driver v1.3
[ 0.948834] Linux agpgart interface v0.103
[ 0.960345] crash memory driver: version 1.1
[ 0.969370] rdac: device handler registered
[ 0.975423] hp_sw: device handler registered
[ 0.980601] emc: device handler registered
[ 0.986644] alua: device handler registered
[ 0.992717] libphy: Fixed MDIO Bus: probed
[ 0.997576] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 1.006334] ehci-pci: EHCI PCI platform driver
[ 1.011223] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 1.016876] ohci-pci: OHCI PCI platform driver
[ 1.021863] uhci_hcd: USB Universal Host Controller Interface driver
[ 1.027672] usbcore: registered new interface driver usbserial_generic
[ 1.033734] usbserial: USB Serial support registered for generic
[ 1.039340] i8042: PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
[ 1.050083] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 1.055390] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 1.060500] mousedev: PS/2 mouse device common for all mice
[ 1.067280] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2
[ 1.076381] rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
[ 1.082440] rtc_cmos 00:02: alarms up to one day, 114 bytes nvram, hpet irqs
[ 1.096955] cpuidle: using governor menu
[ 1.101932] hidraw: raw HID events driver (C) Jiri Kosina
[ 1.107172] usbcore: registered new interface driver usbhid
[ 1.112756] usbhid: USB HID core driver
[ 1.117121] drop_monitor: Initializing network drop monitor service
[ 1.123313] TCP: cubic registered
[ 1.126969] Initializing XFRM netlink socket
[ 1.131609] NET: Registered protocol family 10
[ 1.136708] NET: Registered protocol family 17
[ 1.142103] mpls_gso: MPLS GSO support
[ 1.146241] intel_rdt: Intel RDT L3 allocation detected
[ 1.151575] Loading compiled-in X.509 certificates
[ 1.156559] Loaded X.509 cert 'CentOS Linux kpatch signing key: ea0413152cde1d98ebdca3fe6f0230904c9ef717'
[ 1.166089] Loaded X.509 cert 'CentOS Linux Driver update signing key: 7f421ee0ab69461574bb358861dbe77762a4201b'
[ 1.176342] Loaded X.509 cert 'CentOS Linux kernel signing key: 8de64fb5969b557edc7f032eeabcbe4f37177f4e'
[ 1.185515] registered taskstats version 1
[ 1.190244] Key type trusted registered
[ 1.194509] Key type encrypted registered
[ 1.199096] IMA: No TPM chip found, activating TPM-bypass! (rc=-19)
[ 1.205332] xenbus_probe_frontend: Device with no driver: device/vbd/768
[ 1.211651] xenbus_probe_frontend: Device with no driver: device/vif/0
[ 1.217661] Magic number: 7:202:565
[ 1.221760] rtc_cmos 00:02: setting system clock to 2019-06-10 04:34:00 UTC (1560141240)
[ 1.694136] tsc: Refined TSC clocksource calibration: 2399.999 MHz
[ 1.938315] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3
[ 1.946652] md: Waiting for all devices to be available before autodetect
[ 1.955696] md: If you don't use raid, use raid=noautodetect
[ 1.962645] md: Autodetecting RAID arrays.
[ 1.968336] md: autorun ...
[ 1.972543] md: ... autorun DONE.
[ 1.977339] List of all partitions:
[ 1.982221] No filesystem could mount root, tried:
[ 1.989166] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 1.990142] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-957.12.2.el7.x86_64 #1
[ 1.990142] Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
[ 1.990142] Call Trace:
[ 1.990142] [<ffffffffbb963041>] dump_stack+0x19/0x1b
[ 1.990142] [<ffffffffbb95c750>] panic+0xe8/0x21f
[ 1.990142] [<ffffffffbbf86761>] mount_block_root+0x291/0x2a0
[ 1.990142] [<ffffffffbbf867c3>] mount_root+0x53/0x56
[ 1.990142] [<ffffffffbbf86902>] prepare_namespace+0x13c/0x174
[ 1.990142] [<ffffffffbbf863df>] kernel_init_freeable+0x1f8/0x21f
[ 1.990142] [<ffffffffbbf85b1f>] ? initcall_blacklist+0xb0/0xb0
[ 1.990142] [<ffffffffbb951120>] ? rest_init+0x80/0x80
[ 1.990142] [<ffffffffbb95112e>] kernel_init+0xe/0x100
[ 1.990142] [<ffffffffbb975c37>] ret_from_fork_nospec_begin+0x21/0x21
[ 1.990142] [<ffffffffbb951120>] ? rest_init+0x80/0x80
The selected entry will be started automatically in 1s.
The selected entry will be started automatically in 0s.
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-957.12.2.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Tue May 14 21:24:32 UTC 2019
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-957.12.2.el7.x86_64 root=UUID=8c1540fa-e2b4-407d-bcd1-59848a73e463 ro console=tty0 console=ttyS0,115200n8 crashkernel=auto console=ttyS0,115200 LANG=en_US.UTF-8
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009dfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009e000-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003fffffff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000fc000000-0x00000000ffffffff] reserved
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] SMBIOS 2.7 present.
[ 0.000000] DMI: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
[ 0.000000] Hypervisor detected: Xen HVM
[ 0.000000] Xen version 4.2.
[ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
[ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
[ 0.000000] You might have to change the root device
[ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
[ 0.000000] in your root= kernel command line option
[ 0.000000] e820: last_pfn = 0x40000 max_arch_pfn = 0x400000000
[ 0.000000] PAT configuration [0-7]: WB WC UC- UC WB WP UC- UC
[ 0.000000] found SMP MP-table at [mem 0x000fbc50-0x000fbc5f] mapped at [ffffffffff200c50]
[ 0.000000] Early table checksum verification disabled
[ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
[ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] ACPI: FACS 00000000fc002180 00040
[ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] No NUMA configuration found
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000003fffffff]
[ 0.000000] NODE_DATA(0) allocated [mem 0x3ffd9000-0x3fffffff]
[ 0.000000] crashkernel=auto resulted in zero bytes of reserved memory.
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x00001000-0x00ffffff]
[ 0.000000] DMA32 [mem 0x01000000-0xffffffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00001000-0x0009dfff]
[ 0.000000] node 0: [mem 0x00100000-0x3fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x00001000-0x3fffffff]
[ 0.000000] ACPI: PM-Timer IO Port: 0xb008
[ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
[ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
[ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
[ 0.000000] Using ACPI (MADT) for SMP configuration information
[ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
[ 0.000000] smpboot: Allowing 15 CPUs, 14 hotplug CPUs
[ 0.000000] PM: Registered nosave memory: [mem 0x0009e000-0x0009ffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000a0000-0x000dffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000e0000-0x000fffff]
[ 0.000000] e820: [mem 0x40000000-0xfbffffff] available for PCI devices
[ 0.000000] Booting paravirtualized kernel on Xen HVM
[ 0.000000] setup_percpu: NR_CPUS:5120 nr_cpumask_bits:15 nr_cpu_ids:15 nr_node_ids:1
[ 0.000000] PERCPU: Embedded 38 pages/cpu @ffff9b973e200000 s118784 r8192 d28672 u262144
[ 0.000000] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes)
[ 0.000000] Built 1 zonelists in Node order, mobility grouping on. Total pages: 257928
[ 0.000000] Policy zone: DMA32
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-957.12.2.el7.x86_64 root=UUID=8c1540fa-e2b4-407d-bcd1-59848a73e463 ro console=tty0 console=ttyS0,115200n8 crashkernel=auto console=ttyS0,115200 LANG=en_US.UTF-8
[ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.000000] x86/fpu: xstate_offset[2]: 0240, xstate_sizes[2]: 0100
[ 0.000000] xsave: enabled xstate_bv 0x7, cntxt size 0x340 using standard form
[ 0.000000] Memory: 1010204k/1048576k available (7668k kernel code, 396k absent, 37976k reserved, 6052k data, 1876k init)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
[ 0.000000] x86/pti: Unmapping kernel while in userspace
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] RCU restricting CPUs from NR_CPUS=5120 to nr_cpu_ids=15.
[ 0.000000] NR_IRQS:327936 nr_irqs:952 0
[ 0.000000] xen:events: Xen HVM callback vector for event delivery is enabled
[ 0.000000] Console: colour VGA+ 80x25
[ 0.000000] console [tty0] enabled
[ 0.000000] Cannot get hvm parameter CONSOLE_EVTCHN (18): -22!
[ 0.000000] console [ttyS0] enabled
[ 0.000000] allocated 4194304 bytes of page_cgroup
[ 0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups
[ 0.000000] tsc: Fast TSC calibration using PIT
[ 0.000000] tsc: Detected 2399.945 MHz processor
[ 0.000000] tsc: Detected 2400.042 MHz TSC
[ 0.029000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4800.08 BogoMIPS (lpj=2400042)
[ 0.042004] pid_max: default: 32768 minimum: 301
[ 0.048045] Security Framework initialized
[ 0.053009] SELinux: Initializing.
[ 0.058026] Yama: becoming mindful.
[ 0.064024] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[ 0.074176] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.089094] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.099010] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.109183] Initializing cgroup subsys memory
[ 0.115009] Initializing cgroup subsys devices
[ 0.121004] Initializing cgroup subsys freezer
[ 0.128006] Initializing cgroup subsys net_cls
[ 0.138008] Initializing cgroup subsys blkio
[ 0.147005] Initializing cgroup subsys perf_event
[ 0.155009] Initializing cgroup subsys hugetlb
[ 0.160003] Initializing cgroup subsys pids
[ 0.167005] Initializing cgroup subsys net_prio
[ 0.174830] mce: CPU supports 2 MCE banks
[ 0.180034] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
[ 0.187004] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0
[ 0.195003] tlb_flushall_shift: 6
[ 0.200006] Speculative Store Bypass: Vulnerable
[ 0.209004] FEATURE SPEC_CTRL Not Present
[ 0.214003] FEATURE IBPB_SUPPORT Not Present
[ 0.218207] Spectre V2 : Vulnerable: Retpoline without IBPB
[ 0.224036] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[ 0.255879] ACPI: Core revision 20130517
[ 0.256003] random: fast init done
[ 0.267362] ACPI: All ACPI Tables successfully acquired
[ 0.275005] ftrace: allocating 29205 entries in 115 pages
[ 0.321797] IRQ remapping doesn't support X2APIC mode, disable x2apic.
[ 0.330003] Switched APIC routing to physical flat.
[ 0.338408] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
[ 0.355740] smpboot: CPU0: Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz (fam: 06, model: 3f, stepping: 02)
[ 0.372019] installing Xen timer for CPU 0
[ 0.385105] cpu 0 spinlock event irq 53
[ 0.386020] Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only.
[ 0.390252] Brought up 1 CPUs
[ 0.391008] smpboot: Max logical packages: 15
[ 0.392009] smpboot: Total of 1 processors activated (4800.08 BogoMIPS)
[ 0.393409] NMI watchdog: disabled (cpu0): hardware events not enabled
[ 0.394006] NMI watchdog: Shutting down hard lockup detector on all cpus
[ 0.395258] devtmpfs: initialized
[ 0.397608] EVM: security.selinux
[ 0.398025] EVM: security.ima
[ 0.399024] EVM: security.capability
[ 0.401167] atomic64 test passed for x86-64 platform with CX8 and with SSE
[ 0.402030] pinctrl core: initialized pinctrl subsystem
[ 0.403071] RTC time: 4:34:30, date: 06/10/19
[ 0.404126] NET: Registered protocol family 16
[ 0.405172] ACPI: bus type PCI registered
[ 0.406008] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[ 0.407349] PCI: Using configuration type 1 for base access
[ 0.409142] ACPI: Added _OSI(Module Device)
[ 0.410007] ACPI: Added _OSI(Processor Device)
[ 0.411006] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.412009] ACPI: Added _OSI(Processor Aggregator Device)
[ 0.413026] ACPI: Added _OSI(Linux-Dell-Video)
[ 0.418313] ACPI: Interpreter enabled
[ 0.419024] ACPI: (supports S0 S3 S4 S5)
[ 0.420007] ACPI: Using IOAPIC for interrupt routing
[ 0.421059] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[ 0.422311] ACPI: Enabled 2 GPEs in block 00 to 0F
[ 0.500117] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[ 0.501015] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI]
[ 0.502017] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM
[ 0.503019] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
[ 0.505000] acpiphp: Slot [0] registered
[ 0.505996] acpiphp: Slot [3] registered
[ 0.506420] acpiphp: Slot [4] registered
[ 0.507412] acpiphp: Slot [5] registered
[ 0.508401] acpiphp: Slot [6] registered
[ 0.509529] acpiphp: Slot [7] registered
[ 0.510581] acpiphp: Slot [8] registered
[ 0.511670] acpiphp: Slot [9] registered
[ 0.512819] acpiphp: Slot [10] registered
[ 0.513859] acpiphp: Slot [11] registered
[ 0.514820] acpiphp: Slot [12] registered
[ 0.515606] acpiphp: Slot [13] registered
[ 0.516586] acpiphp: Slot [14] registered
[ 0.517595] acpiphp: Slot [15] registered
[ 0.518550] acpiphp: Slot [16] registered
[ 0.519719] acpiphp: Slot [17] registered
[ 0.520590] acpiphp: Slot [18] registered
[ 0.521746] acpiphp: Slot [19] registered
[ 0.522525] acpiphp: Slot [20] registered
[ 0.523668] acpiphp: Slot [21] registered
[ 0.524614] acpiphp: Slot [22] registered
[ 0.525739] acpiphp: Slot [23] registered
[ 0.526682] acpiphp: Slot [24] registered
[ 0.527661] acpiphp: Slot [25] registered
[ 0.528686] acpiphp: Slot [26] registered
[ 0.529671] acpiphp: Slot [27] registered
[ 0.530574] acpiphp: Slot [28] registered
[ 0.531541] acpiphp: Slot [29] registered
[ 0.532523] acpiphp: Slot [30] registered
[ 0.533612] acpiphp: Slot [31] registered
[ 0.534436] PCI host bridge to bus 0000:00
[ 0.535009] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
[ 0.536009] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
[ 0.537009] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[ 0.538009] pci_bus 0000:00: root bus resource [mem 0xf0000000-0xfbffffff window]
[ 0.539009] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 0.549589] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
[ 0.550011] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
[ 0.551006] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
[ 0.552008] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
[ 0.554000] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
[ 0.554000] * this clock source is slow. Consider trying other clock sources
[ 0.555687] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI
[ 0.564018] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
[ 0.568254] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
[ 0.572254] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
[ 0.576269] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
[ 0.600166] xen:balloon: Initialising balloon driver
[ 0.603197] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
[ 0.604009] vgaarb: loaded
[ 0.605005] vgaarb: bridge control possible 0000:00:02.0
[ 0.606147] SCSI subsystem initialized
[ 0.607048] ACPI: bus type USB registered
[ 0.608034] usbcore: registered new interface driver usbfs
[ 0.609020] usbcore: registered new interface driver hub
[ 0.610038] usbcore: registered new device driver usb
[ 0.611104] EDAC MC: Ver: 3.0.0
[ 0.612771] PCI: Using ACPI for IRQ routing
[ 0.613725] NetLabel: Initializing
[ 0.614007] NetLabel: domain hash size = 128
[ 0.615004] NetLabel: protocols = UNLABELED CIPSOv4
[ 0.616028] NetLabel: unlabeled traffic allowed by default
[ 0.617128] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
[ 0.618023] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[ 0.621006] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
[ 0.623040] amd_nb: Cannot enumerate AMD northbridges
[ 0.624032] Switched to clocksource xen
[ 0.635443] pnp: PnP ACPI init
[ 0.640127] ACPI: bus type PNP registered
[ 0.645489] system 00:00: [mem 0x00000000-0x0009ffff] could not be reserved
[ 0.657117] system 00:01: [io 0x08a0-0x08a3] has been reserved
[ 0.664097] system 00:01: [io 0x0cc0-0x0ccf] has been reserved
[ 0.670816] system 00:01: [io 0x04d0-0x04d1] has been reserved
[ 0.677854] system 00:07: [io 0x10c0-0x1141] has been reserved
[ 0.684693] system 00:07: [io 0xb044-0xb047] has been reserved
[ 0.718409] pnp: PnP ACPI: found 8 devices
[ 0.723652] ACPI: bus type PNP unregistered
[ 0.735102] NET: Registered protocol family 2
[ 0.740522] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.748299] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[ 0.755613] TCP: Hash tables configured (established 8192 bind 8192)
[ 0.763079] TCP: reno registered
[ 0.767508] UDP hash table entries: 512 (order: 2, 16384 bytes)
[ 0.774388] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[ 0.781543] NET: Registered protocol family 1
[ 0.787843] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 0.794133] pci 0000:00:01.0: PIIX3: Enabling Passive Release
[ 0.798944] pci 0000:00:01.0: Activating ISA DMA hang workarounds
[ 0.804152] RAPL PMU: API unit is 2^-32 Joules, 3 fixed counters, 655360 ms ovfl timer
[ 0.810869] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules
[ 0.815374] RAPL PMU: hw unit of domain package 2^-14 Joules
[ 0.819901] RAPL PMU: hw unit of domain dram 2^-16 Joules
[ 0.824614] sha1_ssse3: Using AVX2 optimized SHA-1 implementation
[ 0.829491] sha256_ssse3: Using AVX2 optimized SHA-256 implementation
[ 0.835580] futex hash table entries: 4096 (order: 6, 262144 bytes)
[ 0.843657] Initialise system trusted keyring
[ 0.848225] audit: initializing netlink socket (disabled)
[ 0.863582] type=2000 audit(1560141271.130:1): initialized
[ 0.893529] HugeTLB registered 2 MB page size, pre-allocated 0 pages
[ 0.900879] zpool: loaded
[ 0.904208] zbud: loaded
[ 0.907827] VFS: Disk quotas dquot_6.5.2
[ 0.912102] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.918521] msgmni has been set to 1973
[ 0.922762] Key type big_key registered
[ 0.927526] NET: Registered protocol family 38
[ 0.932154] Key type asymmetric registered
[ 0.936379] Asymmetric key parser 'x509' registered
[ 0.941610] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[ 0.949172] io scheduler noop registered
[ 0.953630] io scheduler deadline registered (default)
[ 0.958779] io scheduler cfq registered
[ 0.962795] io scheduler mq-deadline registered
[ 0.967519] io scheduler kyber registered
[ 0.972004] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 0.978004] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[ 0.984095] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 0.990552] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 0.997993] ACPI: Power Button [PWRF]
[ 1.002041] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 1.009696] ACPI: Sleep Button [SLPF]
[ 1.013687] GHES: HEST is not enabled!
[ 1.018108] xen:grant_table: Grant tables using version 1 layout
[ 1.023794] Grant table initialized
[ 1.033549] Cannot get hvm parameter CONSOLE_EVTCHN (18): -22!
[ 1.039033] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 1.075270] 00:06: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 1.083029] Non-volatile memory driver v1.3
[ 1.087958] Linux agpgart interface v0.103
[ 1.092855] crash memory driver: version 1.1
[ 1.098479] rdac: device handler registered
[ 1.103629] hp_sw: device handler registered
[ 1.108584] emc: device handler registered
[ 1.113453] alua: device handler registered
[ 1.122580] libphy: Fixed MDIO Bus: probed
[ 1.126730] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 1.132779] ehci-pci: EHCI PCI platform driver
[ 1.137457] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 1.143210] ohci-pci: OHCI PCI platform driver
[ 1.147690] uhci_hcd: USB Universal Host Controller Interface driver
[ 1.153847] usbcore: registered new interface driver usbserial_generic
[ 1.161186] usbserial: USB Serial support registered for generic
[ 1.168310] i8042: PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
[ 1.180270] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 1.186144] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 1.192480] mousedev: PS/2 mouse device common for all mice
[ 1.208075] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2
[ 1.216102] rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
[ 1.221573] rtc_cmos 00:02: alarms up to one day, 114 bytes nvram, hpet irqs
[ 1.236197] cpuidle: using governor menu
[ 1.240688] hidraw: raw HID events driver (C) Jiri Kosina
[ 1.246083] usbcore: registered new interface driver usbhid
[ 1.251853] usbhid: USB HID core driver
[ 1.255991] drop_monitor: Initializing network drop monitor service
[ 1.261765] TCP: cubic registered
[ 1.265322] Initializing XFRM netlink socket
[ 1.269979] NET: Registered protocol family 10
[ 1.274704] NET: Registered protocol family 17
[ 1.279279] mpls_gso: MPLS GSO support
[ 1.284074] intel_rdt: Intel RDT L3 allocation detected
[ 1.289211] Loading compiled-in X.509 certificates
[ 1.294077] Loaded X.509 cert 'CentOS Linux kpatch signing key: ea0413152cde1d98ebdca3fe6f0230904c9ef717'
[ 1.303018] Loaded X.509 cert 'CentOS Linux Driver update signing key: 7f421ee0ab69461574bb358861dbe77762a4201b'
[ 1.312801] Loaded X.509 cert 'CentOS Linux kernel signing key: 8de64fb5969b557edc7f032eeabcbe4f37177f4e'
[ 1.321526] registered taskstats version 1
[ 1.325847] Key type trusted registered
[ 1.329839] Key type encrypted registered
[ 1.333922] IMA: No TPM chip found, activating TPM-bypass! (rc=-19)
[ 1.339920] xenbus_probe_frontend: Device with no driver: device/vbd/768
[ 1.345690] xenbus_probe_frontend: Device with no driver: device/vif/0
[ 1.351306] Magic number: 7:202:565
[ 1.355681] rtc_cmos 00:02: setting system clock to 2019-06-10 04:34:32 UTC (1560141272)
[ 1.826155] tsc: Refined TSC clocksource calibration: 2399.998 MHz
[ 2.083477] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3
[ 2.098143] md: Waiting for all devices to be available before autodetect
[ 2.110354] md: If you don't use raid, use raid=noautodetect
[ 2.116879] md: Autodetecting RAID arrays.
[ 2.121422] md: autorun ...
[ 2.124985] md: ... autorun DONE.
[ 2.135110] List of all partitions:
[ 2.139306] No filesystem could mount root, tried:
[ 2.147451] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 2.148428] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-957.12.2.el7.x86_64 #1
[ 2.148428] Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
[ 2.148428] Call Trace:
[ 2.148428] [<ffffffff88763041>] dump_stack+0x19/0x1b
[ 2.148428] [<ffffffff8875c750>] panic+0xe8/0x21f
[ 2.148428] [<ffffffff88d86761>] mount_block_root+0x291/0x2a0
[ 2.148428] [<ffffffff88d867c3>] mount_root+0x53/0x56
[ 2.148428] [<ffffffff88d86902>] prepare_namespace+0x13c/0x174
[ 2.148428] [<ffffffff88d863df>] kernel_init_freeable+0x1f8/0x21f
[ 2.148428] [<ffffffff88d85b1f>] ? initcall_blacklist+0xb0/0xb0
[ 2.148428] [<ffffffff88751120>] ? rest_init+0x80/0x80
[ 2.148428] [<ffffffff8875112e>] kernel_init+0xe/0x100
[ 2.148428] [<ffffffff88775c37>] ret_from_fork_nospec_begin+0x21/0x21
[ 2.148428] [<ffffffff88751120>] ? rest_init+0x80/0x80
Use the ^ and v keys to change the selection.
Press 'e' to edit the selected item, or 'c' for a command prompt.
CentOS Linux (3.10.0-957.12.2.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-957.5.1.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-957.1.3.el7.x86_64) 7 (Core)
CentOS Linux (3.10.0-862.3.2.el7.x86_64) 7 (Core)
CentOS Linux (0-rescue-b30d0f2110ac3807b210c19ede3ce88f) 7 (Core)
The selected entry will be started automatically in 1s.
The selected entry will be started automatically in 0s.
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-957.12.2.el7.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Tue May 14 21:24:32 UTC 2019
[ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-957.12.2.el7.x86_64 root=UUID=8c1540fa-e2b4-407d-bcd1-59848a73e463 ro console=tty0 console=ttyS0,115200n8 crashkernel=auto console=ttyS0,115200 LANG=en_US.UTF-8
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009dfff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009e000-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000003fffffff] usable
[ 0.000000] BIOS-e820: [mem 0x00000000fc000000-0x00000000ffffffff] reserved
[ 0.000000] NX (Execute Disable) protection: active
[ 0.000000] SMBIOS 2.7 present.
[ 0.000000] DMI: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
[ 0.000000] Hypervisor detected: Xen HVM
[ 0.000000] Xen version 4.2.
[ 0.000000] Netfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated NICs.
[ 0.000000] Blkfront and the Xen platform PCI driver have been compiled for this kernel: unplug emulated disks.
[ 0.000000] You might have to change the root device
[ 0.000000] from /dev/hd[a-d] to /dev/xvd[a-d]
[ 0.000000] in your root= kernel command line option
[ 0.000000] e820: last_pfn = 0x40000 max_arch_pfn = 0x400000000
[ 0.000000] PAT configuration [0-7]: WB WC UC- UC WB WP UC- UC
[ 0.000000] found SMP MP-table at [mem 0x000fbc50-0x000fbc5f] mapped at [ffffffffff200c50]
[ 0.000000] Early table checksum verification disabled
[ 0.000000] ACPI: RSDP 00000000000ea020 00024 (v02 Xen)
[ 0.000000] ACPI: XSDT 00000000fc00e2a0 00054 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: FACP 00000000fc00df60 000F4 (v04 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: DSDT 00000000fc0021c0 0BD19 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] ACPI: FACS 00000000fc002180 00040
[ 0.000000] ACPI: APIC 00000000fc00e060 000D8 (v02 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: HPET 00000000fc00e1b0 00038 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: WAET 00000000fc00e1f0 00028 (v01 Xen HVM 00000000 HVML 00000000)
[ 0.000000] ACPI: SSDT 00000000fc00e220 00031 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] ACPI: SSDT 00000000fc00e260 00033 (v02 Xen HVM 00000000 INTL 20090123)
[ 0.000000] No NUMA configuration found
[ 0.000000] Faking a node at [mem 0x0000000000000000-0x000000003fffffff]
[ 0.000000] NODE_DATA(0) allocated [mem 0x3ffd9000-0x3fffffff]
[ 0.000000] crashkernel=auto resulted in zero bytes of reserved memory.
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x00001000-0x00ffffff]
[ 0.000000] DMA32 [mem 0x01000000-0xffffffff]
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
[ 0.000000] Early memory node ranges
[ 0.000000] node 0: [mem 0x00001000-0x0009dfff]
[ 0.000000] node 0: [mem 0x00100000-0x3fffffff]
[ 0.000000] Initmem setup node 0 [mem 0x00001000-0x3fffffff]
[ 0.000000] ACPI: PM-Timer IO Port: 0xb008
[ 0.000000] ACPI: LAPIC (acpi_id[0x00] lapic_id[0x00] enabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x01] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x02] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x03] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x04] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x05] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x06] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x07] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x08] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x09] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0a] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0b] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0c] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0d] lapic_id[0x00] disabled)
[ 0.000000] ACPI: LAPIC (acpi_id[0x0e] lapic_id[0x00] disabled)
[ 0.000000] ACPI: IOAPIC (id[0x01] address[0xfec00000] gsi_base[0])
[ 0.000000] IOAPIC[0]: apic_id 1, version 17, address 0xfec00000, GSI 0-47
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 low level)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 low level)
[ 0.000000] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 low level)
[ 0.000000] Using ACPI (MADT) for SMP configuration information
[ 0.000000] ACPI: HPET id: 0x8086a201 base: 0xfed00000
[ 0.000000] smpboot: Allowing 15 CPUs, 14 hotplug CPUs
[ 0.000000] PM: Registered nosave memory: [mem 0x0009e000-0x0009ffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000a0000-0x000dffff]
[ 0.000000] PM: Registered nosave memory: [mem 0x000e0000-0x000fffff]
[ 0.000000] e820: [mem 0x40000000-0xfbffffff] available for PCI devices
[ 0.000000] Booting paravirtualized kernel on Xen HVM
[ 0.000000] setup_percpu: NR_CPUS:5120 nr_cpumask_bits:15 nr_cpu_ids:15 nr_node_ids:1
[ 0.000000] PERCPU: Embedded 38 pages/cpu @ffff95733e200000 s118784 r8192 d28672 u262144
[ 0.000000] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes)
[ 0.000000] Built 1 zonelists in Node order, mobility grouping on. Total pages: 257928
[ 0.000000] Policy zone: DMA32
[ 0.000000] Kernel command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-957.12.2.el7.x86_64 root=UUID=8c1540fa-e2b4-407d-bcd1-59848a73e463 ro console=tty0 console=ttyS0,115200n8 crashkernel=auto console=ttyS0,115200 LANG=en_US.UTF-8
[ 0.000000] PID hash table entries: 4096 (order: 3, 32768 bytes)
[ 0.000000] x86/fpu: xstate_offset[2]: 0240, xstate_sizes[2]: 0100
[ 0.000000] xsave: enabled xstate_bv 0x7, cntxt size 0x340 using standard form
[ 0.000000] Memory: 1010204k/1048576k available (7668k kernel code, 396k absent, 37976k reserved, 6052k data, 1876k init)
[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=15, Nodes=1
[ 0.000000] x86/pti: Unmapping kernel while in userspace
[ 0.000000] Hierarchical RCU implementation.
[ 0.000000] RCU restricting CPUs from NR_CPUS=5120 to nr_cpu_ids=15.
[ 0.000000] NR_IRQS:327936 nr_irqs:952 0
[ 0.000000] xen:events: Xen HVM callback vector for event delivery is enabled
[ 0.000000] Console: colour VGA+ 80x25
[ 0.000000] console [tty0] enabled
[ 0.000000] Cannot get hvm parameter CONSOLE_EVTCHN (18): -22!
[ 0.000000] console [ttyS0] enabled
[ 0.000000] allocated 4194304 bytes of page_cgroup
[ 0.000000] please try 'cgroup_disable=memory' option if you don't want memory cgroups
[ 0.000000] tsc: Fast TSC calibration using PIT
[ 0.000000] tsc: Detected 2400.106 MHz processor
[ 0.000000] tsc: Detected 2400.042 MHz TSC
[ 0.033000] Calibrating delay loop (skipped), value calculated using timer frequency.. 4800.08 BogoMIPS (lpj=2400042)
[ 0.054004] pid_max: default: 32768 minimum: 301
[ 0.066049] Security Framework initialized
[ 0.072010] SELinux: Initializing.
[ 0.078026] Yama: becoming mindful.
[ 0.084115] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
[ 0.091198] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes)
[ 0.100093] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.108011] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes)
[ 0.118188] Initializing cgroup subsys memory
[ 0.125014] Initializing cgroup subsys devices
[ 0.132008] Initializing cgroup subsys freezer
[ 0.139006] Initializing cgroup subsys net_cls
[ 0.146007] Initializing cgroup subsys blkio
[ 0.150005] Initializing cgroup subsys perf_event
[ 0.156009] Initializing cgroup subsys hugetlb
[ 0.161003] Initializing cgroup subsys pids
[ 0.165007] Initializing cgroup subsys net_prio
[ 0.171261] mce: CPU supports 2 MCE banks
[ 0.175032] Last level iTLB entries: 4KB 0, 2MB 0, 4MB 0
[ 0.181004] Last level dTLB entries: 4KB 64, 2MB 0, 4MB 0
[ 0.186005] tlb_flushall_shift: 6
[ 0.190008] Speculative Store Bypass: Vulnerable
[ 0.195003] FEATURE SPEC_CTRL Not Present
[ 0.199003] FEATURE IBPB_SUPPORT Not Present
[ 0.204200] Spectre V2 : Vulnerable: Retpoline without IBPB
[ 0.210043] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
[ 0.238349] ACPI: Core revision 20130517
[ 0.247189] ACPI: All ACPI Tables successfully acquired
[ 0.254007] ftrace: allocating 29205 entries in 115 pages
[ 0.256002] random: fast init done
[ 0.305897] IRQ remapping doesn't support X2APIC mode, disable x2apic.
[ 0.312004] Switched APIC routing to physical flat.
[ 0.320607] ..TIMER: vector=0x30 apic1=0 pin1=2 apic2=0 pin2=0
[ 0.339531] smpboot: CPU0: Intel(R) Xeon(R) CPU E5-2676 v3 @ 2.40GHz (fam: 06, model: 3f, stepping: 02)
[ 0.355022] installing Xen timer for CPU 0
[ 0.368113] cpu 0 spinlock event irq 53
[ 0.369020] Performance Events: unsupported p6 CPU model 63 no PMU driver, software events only.
[ 0.373244] Brought up 1 CPUs
[ 0.374009] smpboot: Max logical packages: 15
[ 0.375012] smpboot: Total of 1 processors activated (4800.08 BogoMIPS)
[ 0.376471] NMI watchdog: disabled (cpu0): hardware events not enabled
[ 0.377012] NMI watchdog: Shutting down hard lockup detector on all cpus
[ 0.378267] devtmpfs: initialized
[ 0.380557] EVM: security.selinux
[ 0.381029] EVM: security.ima
[ 0.382022] EVM: security.capability
[ 0.384183] atomic64 test passed for x86-64 platform with CX8 and with SSE
[ 0.385033] pinctrl core: initialized pinctrl subsystem
[ 0.386090] RTC time: 4:35:08, date: 06/10/19
[ 0.387135] NET: Registered protocol family 16
[ 0.388193] ACPI: bus type PCI registered
[ 0.389008] acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
[ 0.390446] PCI: Using configuration type 1 for base access
[ 0.392153] ACPI: Added _OSI(Module Device)
[ 0.393011] ACPI: Added _OSI(Processor Device)
[ 0.394009] ACPI: Added _OSI(3.0 _SCP Extensions)
[ 0.395011] ACPI: Added _OSI(Processor Aggregator Device)
[ 0.396018] ACPI: Added _OSI(Linux-Dell-Video)
[ 0.401442] ACPI: Interpreter enabled
[ 0.402027] ACPI: (supports S0 S3 S4 S5)
[ 0.403008] ACPI: Using IOAPIC for interrupt routing
[ 0.404054] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
[ 0.405299] ACPI: Enabled 2 GPEs in block 00 to 0F
[ 0.488351] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
[ 0.489015] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI]
[ 0.490019] acpi PNP0A03:00: _OSC failed (AE_NOT_FOUND); disabling ASPM
[ 0.491027] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration space under this bridge.
[ 0.493000] acpiphp: Slot [0] registered
[ 0.494441] acpiphp: Slot [3] registered
[ 0.495647] acpiphp: Slot [4] registered
[ 0.496542] acpiphp: Slot [5] registered
[ 0.497563] acpiphp: Slot [6] registered
[ 0.498589] acpiphp: Slot [7] registered
[ 0.499677] acpiphp: Slot [8] registered
[ 0.500524] acpiphp: Slot [9] registered
[ 0.501578] acpiphp: Slot [10] registered
[ 0.502555] acpiphp: Slot [11] registered
[ 0.503574] acpiphp: Slot [12] registered
[ 0.504573] acpiphp: Slot [13] registered
[ 0.505520] acpiphp: Slot [14] registered
[ 0.506696] acpiphp: Slot [15] registered
[ 0.507563] acpiphp: Slot [16] registered
[ 0.508537] acpiphp: Slot [17] registered
[ 0.509539] acpiphp: Slot [18] registered
[ 0.510586] acpiphp: Slot [19] registered
[ 0.511477] acpiphp: Slot [20] registered
[ 0.512474] acpiphp: Slot [21] registered
[ 0.513478] acpiphp: Slot [22] registered
[ 0.514604] acpiphp: Slot [23] registered
[ 0.515597] acpiphp: Slot [24] registered
[ 0.516559] acpiphp: Slot [25] registered
[ 0.517486] acpiphp: Slot [26] registered
[ 0.518526] acpiphp: Slot [27] registered
[ 0.519710] acpiphp: Slot [28] registered
[ 0.520519] acpiphp: Slot [29] registered
[ 0.521560] acpiphp: Slot [30] registered
[ 0.522669] acpiphp: Slot [31] registered
[ 0.523475] PCI host bridge to bus 0000:00
[ 0.524011] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window]
[ 0.525013] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window]
[ 0.526016] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window]
[ 0.527012] pci_bus 0000:00: root bus resource [mem 0xf0000000-0xfbffffff window]
[ 0.528012] pci_bus 0000:00: root bus resource [bus 00-ff]
[ 0.537346] pci 0000:00:01.1: legacy IDE quirk: reg 0x10: [io 0x01f0-0x01f7]
[ 0.538014] pci 0000:00:01.1: legacy IDE quirk: reg 0x14: [io 0x03f6]
[ 0.539011] pci 0000:00:01.1: legacy IDE quirk: reg 0x18: [io 0x0170-0x0177]
[ 0.540009] pci 0000:00:01.1: legacy IDE quirk: reg 0x1c: [io 0x0376]
[ 0.541969] * Found PM-Timer Bug on the chipset. Due to workarounds for a bug,
[ 0.541969] * this clock source is slow. Consider trying other clock sources
[ 0.543627] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI
[ 0.554790] ACPI: PCI Interrupt Link [LNKA] (IRQs *5 10 11)
[ 0.558292] ACPI: PCI Interrupt Link [LNKB] (IRQs 5 *10 11)
[ 0.562316] ACPI: PCI Interrupt Link [LNKC] (IRQs 5 10 *11)
[ 0.567303] ACPI: PCI Interrupt Link [LNKD] (IRQs *5 10 11)
[ 0.599028] xen:balloon: Initialising balloon driver
[ 0.603200] vgaarb: device added: PCI:0000:00:02.0,decodes=io+mem,owns=io+mem,locks=none
[ 0.604015] vgaarb: loaded
[ 0.605007] vgaarb: bridge control possible 0000:00:02.0
[ 0.606145] SCSI subsystem initialized
[ 0.607058] ACPI: bus type USB registered
[ 0.608038] usbcore: registered new interface driver usbfs
[ 0.609037] usbcore: registered new interface driver hub
[ 0.610053] usbcore: registered new device driver usb
[ 0.611122] EDAC MC: Ver: 3.0.0
[ 0.612996] PCI: Using ACPI for IRQ routing
[ 0.613928] NetLabel: Initializing
[ 0.614009] NetLabel: domain hash size = 128
[ 0.615007] NetLabel: protocols = UNLABELED CIPSOv4
[ 0.616029] NetLabel: unlabeled traffic allowed by default
[ 0.617127] HPET: 3 timers in total, 0 timers will be used for per-cpu timer
[ 0.618026] hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0
[ 0.621008] hpet0: 3 comparators, 64-bit 62.500000 MHz counter
[ 0.624030] amd_nb: Cannot enumerate AMD northbridges
[ 0.625034] Switched to clocksource xen
[ 0.635109] pnp: PnP ACPI init
[ 0.639845] ACPI: bus type PNP registered
[ 0.644108] system 00:00: [mem 0x00000000-0x0009ffff] could not be reserved
[ 0.652839] system 00:01: [io 0x08a0-0x08a3] has been reserved
[ 0.658802] system 00:01: [io 0x0cc0-0x0ccf] has been reserved
[ 0.665591] system 00:01: [io 0x04d0-0x04d1] has been reserved
[ 0.685829] system 00:07: [io 0x10c0-0x1141] has been reserved
[ 0.694622] system 00:07: [io 0xb044-0xb047] has been reserved
[ 0.738502] pnp: PnP ACPI: found 8 devices
[ 0.743332] ACPI: bus type PNP unregistered
[ 0.754472] NET: Registered protocol family 2
[ 0.762131] TCP established hash table entries: 8192 (order: 4, 65536 bytes)
[ 0.771558] TCP bind hash table entries: 8192 (order: 5, 131072 bytes)
[ 0.779423] TCP: Hash tables configured (established 8192 bind 8192)
[ 0.786218] TCP: reno registered
[ 0.790841] UDP hash table entries: 512 (order: 2, 16384 bytes)
[ 0.797336] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes)
[ 0.803928] NET: Registered protocol family 1
[ 0.808866] pci 0000:00:00.0: Limiting direct PCI/PCI transfers
[ 0.815293] pci 0000:00:01.0: PIIX3: Enabling Passive Release
[ 0.822831] pci 0000:00:01.0: Activating ISA DMA hang workarounds
[ 0.829686] RAPL PMU: API unit is 2^-32 Joules, 3 fixed counters, 655360 ms ovfl timer
[ 0.838444] RAPL PMU: hw unit of domain pp0-core 2^-14 Joules
[ 0.848977] RAPL PMU: hw unit of domain package 2^-14 Joules
[ 0.860997] RAPL PMU: hw unit of domain dram 2^-16 Joules
[ 0.870011] sha1_ssse3: Using AVX2 optimized SHA-1 implementation
[ 0.879015] sha256_ssse3: Using AVX2 optimized SHA-256 implementation
[ 0.889003] futex hash table entries: 4096 (order: 6, 262144 bytes)
[ 0.898305] Initialise system trusted keyring
[ 0.906193] audit: initializing netlink socket (disabled)
[ 0.911444] type=2000 audit(1560141308.791:1): initialized
[ 0.939805] HugeTLB registered 2 MB page size, pre-allocated 0 pages
[ 0.948315] zpool: loaded
[ 0.952475] zbud: loaded
[ 0.956299] VFS: Disk quotas dquot_6.5.2
[ 0.960830] Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
[ 0.968459] msgmni has been set to 1973
[ 0.973029] Key type big_key registered
[ 0.977696] NET: Registered protocol family 38
[ 0.982929] Key type asymmetric registered
[ 0.994689] Asymmetric key parser 'x509' registered
[ 1.002430] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 248)
[ 1.010762] io scheduler noop registered
[ 1.015217] io scheduler deadline registered (default)
[ 1.020203] io scheduler cfq registered
[ 1.024396] io scheduler mq-deadline registered
[ 1.032391] io scheduler kyber registered
[ 1.057909] pci_hotplug: PCI Hot Plug PCI Core version: 0.5
[ 1.066003] pciehp: PCI Express Hot Plug Controller Driver version: 0.4
[ 1.073393] shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
[ 1.085599] input: Power Button as /devices/LNXSYSTM:00/LNXPWRBN:00/input/input0
[ 1.096126] ACPI: Power Button [PWRF]
[ 1.100584] input: Sleep Button as /devices/LNXSYSTM:00/LNXSLPBN:00/input/input1
[ 1.117456] ACPI: Sleep Button [SLPF]
[ 1.123301] GHES: HEST is not enabled!
[ 1.128211] xen:grant_table: Grant tables using version 1 layout
[ 1.133883] Grant table initialized
[ 1.141515] Cannot get hvm parameter CONSOLE_EVTCHN (18): -22!
[ 1.150170] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
[ 1.191868] 00:06: ttyS0 at I/O 0x3f8 (irq = 4) is a 16550A
[ 1.198236] Non-volatile memory driver v1.3
[ 1.202620] Linux agpgart interface v0.103
[ 1.214443] crash memory driver: version 1.1
[ 1.224144] rdac: device handler registered
[ 1.228748] hp_sw: device handler registered
[ 1.233225] emc: device handler registered
[ 1.239522] alua: device handler registered
[ 1.244252] libphy: Fixed MDIO Bus: probed
[ 1.249795] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 1.255860] ehci-pci: EHCI PCI platform driver
[ 1.266779] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
[ 1.275309] ohci-pci: OHCI PCI platform driver
[ 1.280149] uhci_hcd: USB Universal Host Controller Interface driver
[ 1.286429] usbcore: registered new interface driver usbserial_generic
[ 1.293367] usbserial: USB Serial support registered for generic
[ 1.299490] i8042: PNP: PS/2 Controller [PNP0303:PS2K,PNP0f13:PS2M] at 0x60,0x64 irq 1,12
[ 1.310992] serio: i8042 KBD port at 0x60,0x64 irq 1
[ 1.316187] serio: i8042 AUX port at 0x60,0x64 irq 12
[ 1.321837] mousedev: PS/2 mouse device common for all mice
[ 1.328602] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input2
[ 1.339792] rtc_cmos 00:02: rtc core: registered rtc_cmos as rtc0
[ 1.345882] rtc_cmos 00:02: alarms up to one day, 114 bytes nvram, hpet irqs
[ 1.360276] cpuidle: using governor menu
[ 1.365523] hidraw: raw HID events driver (C) Jiri Kosina
[ 1.371455] usbcore: registered new interface driver usbhid
[ 1.377505] usbhid: USB HID core driver
[ 1.384544] drop_monitor: Initializing network drop monitor service
[ 1.394748] TCP: cubic registered
[ 1.398447] Initializing XFRM netlink socket
[ 1.402918] NET: Registered protocol family 10
[ 1.408853] NET: Registered protocol family 17
[ 1.413762] mpls_gso: MPLS GSO support
[ 1.418580] intel_rdt: Intel RDT L3 allocation detected
[ 1.424320] Loading compiled-in X.509 certificates
[ 1.429870] Loaded X.509 cert 'CentOS Linux kpatch signing key: ea0413152cde1d98ebdca3fe6f0230904c9ef717'
[ 1.448300] Loaded X.509 cert 'CentOS Linux Driver update signing key: 7f421ee0ab69461574bb358861dbe77762a4201b'
[ 1.458077] Loaded X.509 cert 'CentOS Linux kernel signing key: 8de64fb5969b557edc7f032eeabcbe4f37177f4e'
[ 1.469216] registered taskstats version 1
[ 1.474459] Key type trusted registered
[ 1.479433] Key type encrypted registered
[ 1.484383] IMA: No TPM chip found, activating TPM-bypass! (rc=-19)
[ 1.491593] xenbus_probe_frontend: Device with no driver: device/vbd/768
[ 1.498647] xenbus_probe_frontend: Device with no driver: device/vif/0
[ 1.505543] Magic number: 7:202:565
[ 1.510384] rtc_cmos 00:02: setting system clock to 2019-06-10 04:35:10 UTC (1560141310)
[ 1.872128] tsc: Refined TSC clocksource calibration: 2399.999 MHz
[ 2.221301] input: ImExPS/2 Generic Explorer Mouse as /devices/platform/i8042/serio1/input/input3
[ 2.230566] md: Waiting for all devices to be available before autodetect
[ 2.238754] md: If you don't use raid, use raid=noautodetect
[ 2.244182] md: Autodetecting RAID arrays.
[ 2.248408] md: autorun ...
[ 2.252532] md: ... autorun DONE.
[ 2.256970] List of all partitions:
[ 2.262893] No filesystem could mount root, tried:
[ 2.284579] Kernel panic - not syncing: VFS: Unable to mount root fs on unknown-block(0,0)
[ 2.285555] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 3.10.0-957.12.2.el7.x86_64 #1
[ 2.285555] Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
[ 2.285555] Call Trace:
[ 2.285555] [<ffffffffbcf63041>] dump_stack+0x19/0x1b
[ 2.285555] [<ffffffffbcf5c750>] panic+0xe8/0x21f
[ 2.285555] [<ffffffffbd586761>] mount_block_root+0x291/0x2a0
[ 2.285555] [<ffffffffbd5867c3>] mount_root+0x53/0x56
[ 2.285555] [<ffffffffbd586902>] prepare_namespace+0x13c/0x174
[ 2.285555] [<ffffffffbd5863df>] kernel_init_freeable+0x1f8/0x21f
[ 2.285555] [<ffffffffbd585b1f>] ? initcall_blacklist+0xb0/0xb0
[ 2.285555] [<ffffffffbcf51120>] ? rest_init+0x80/0x80
[ 2.285555] [<ffffffffbcf5112e>] kernel_init+0xe/0x100
[ 2.285555] [<ffffffffbcf75c37>] ret_from_fork_nospec_begin+0x21/0x21
[ 2.285555] [<ffffffffbcf51120>] ? rest_init+0x80/0x80

Microsoft Hyper-V: Creating Windows Template (Golden Image)

Steps to Create a Windows Template

Assuming that the Windows Template guest VM has already been spun up and configured, the next step would be to “SysPrep” it prior to converting the image into a template.

Run: sysprep.exe > select Out-of-Box Experience > Generalize > Shutdown

Alternative command line:

%WINDIR%\system32\sysprep\sysprep.exe /generalize /shutdown /oobe

After the template VM has been shut down by the previous step, navigate to the named target machine > right-click it > click Export… > specify the export storage location > click Export to initiate the task

Once this exporting process completes, the original machine could either be retained for future update and re-export or deleted as the golden image has already been generated. Common practice is to leave the original image as-is.

A Bunch of Clicks to Import a Template

Note: Hyper-V will make an exact copy of the chosen image during the exporting steps. Hence, it will be necessary to manually change the server name label, rename the disk(s), and change the settings of the new VM to point to the newly renamed disk file.

To rename the VM disk, navigate to C:\MSClusterStorage\Volume1\VHD\SERVER007\Virtual Hard Disks > right-click a desired disk file > rename (e.g. SERVER007.vhdx) > input a new name > press Enter

To Import an Exported VM, navigate to Hyper-V Manager > select the host where a new VM is to be deployed > right-click it > Import Virtual Machine… > select the correct folder and image file that has been generated by the previous export > at the Choose Import Type option, select “Copy the virtual machine (create a new unique ID)” radio button > specify the destination storage location for the new VM similar to an example below:

Virtual Machine configuration folder: C:\MSClusterStorage\Volume1\VHD\SERVER007
Checkpoint store: C:\MSClusterStorage\Volume1\VHD\SERVER007\Snapshots
Smart Paging folder: C:\MSClusterStorage\Volume1\VHD\SERVER007
Specify Virtual hard disks to use: C:\MSClusterStorage\Volume1\VHD\SERVER007\Virtual Hard Disks\SERVER007.vhdx

Click Import when done > navigate to the newly imported VM (that may have the same label as the original template) > right-click it > Settings… > verify that the Hard Drive is set at the correct location to confirm that it is indeed a new machine > set CD Rom attached ISO to ‘none’ > OK > right-click the imported machine again > rename > input a desired name for the new machine > press Enter to make the renaming function effective > right-click the renamed VM > Start > right-click it once more > connect > Access the console of the running VM to proceed with OS reconfigurations

Note that the networking settings are reset during sysprep, so it will be necessary to run ncpa.cpl to reconfigure the IPv4 properties of the newly created Windows VM.

Alternatively, there is a PowerShell script to perform the steps above: https://gallery.technet.microsoft.com/scriptcenter/To-create-a-virtual-190affb3
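The export and import clicks above can also be driven from the Hyper-V PowerShell module. The sketch below is an added example, not code from the original post: the template name TEMPLATE-WIN and the Export folder are assumptions, and it assumes the template has no checkpoints. It refuses to export a running template and checks that every disk of the copy lives under the new VM's folder before first boot.

```powershell
#Requires -Modules Hyper-V
# Added example: export a sysprepped template and import it as a new VM.
$ErrorActionPreference = 'Stop'

$TemplateName = 'TEMPLATE-WIN'                        # assumed template VM name
$ExportRoot   = 'C:\MSClusterStorage\Volume1\Export'  # assumed export location
$NewName      = 'SERVER007'
$VmRoot       = "C:\MSClusterStorage\Volume1\VHD\$NewName"
$VhdDir       = Join-Path $VmRoot 'Virtual Hard Disks'

# 1. Export only after sysprep /generalize /shutdown has powered the template off.
$template = Get-VM -Name $TemplateName
if ($template.State -ne 'Off') {
    throw "Template '$TemplateName' is $($template.State); run sysprep and let it shut down first."
}
Export-VM -Name $TemplateName -Path $ExportRoot

# 2. Import as a copy with a new unique ID (the "Copy the virtual machine" option).
$configDir = Join-Path $ExportRoot "$TemplateName\Virtual Machines"
$config = Get-ChildItem -Path $configDir -File |
    Where-Object { $_.Extension -in '.vmcx', '.xml' } |
    Select-Object -First 1
if (-not $config) { throw "No VM configuration file found under $configDir" }

$vm = Import-VM -Path $config.FullName -Copy -GenerateNewId `
        -VirtualMachinePath  $VmRoot `
        -SnapshotFilePath    (Join-Path $VmRoot 'Snapshots') `
        -SmartPagingFilePath $VmRoot `
        -VhdDestinationPath  $VhdDir

# 3. Rename the VM label and its disk files, then repoint the VM at the renamed files.
Rename-VM -VM $vm -NewName $NewName
$index = 0
foreach ($disk in Get-VMHardDiskDrive -VM $vm) {
    $suffix  = if ($index -eq 0) { '' } else { "-$index" }
    $ext     = [IO.Path]::GetExtension($disk.Path)
    $newPath = Join-Path $VhdDir "$NewName$suffix$ext"
    if ($disk.Path -ne $newPath) {
        Rename-Item -Path $disk.Path -NewName (Split-Path $newPath -Leaf)
        Set-VMHardDiskDrive -VMHardDiskDrive $disk -Path $newPath
    }
    $index++
}

# 4. Detach any ISO that the template still had mounted.
Get-VMDvdDrive -VM $vm | Set-VMDvdDrive -Path $null

# 5. Confirm every disk sits under the new VM's folder, so the copy can never
#    write to the template's disks, then boot into the out-of-box experience.
$stray = Get-VMHardDiskDrive -VM $vm | Where-Object { $_.Path -notlike "$VmRoot\*" }
if ($stray) { throw "Disk outside ${VmRoot}: $($stray.Path -join ', ')" }
Start-VM -VM $vm
```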

Me now considering a fork of that script and add some new features… Until then…

VMWare vSphere Site Recovery Manager (SRM)

1. Creating folders to group VM clients for application

From Home > vCenter > Select “VMs and Templates”

Expand Data Center and right click on datacenter > from context menu choose “All vCenter Actions” > from context menu, choose “New VM and Template Folder…”

Add the VMs to the folder

2. Configuring Replication for Guest VMs

Once all VMs have been added to the folder, select one VM > right-click it > from context menu select “All vSphere Replication Actions” > Configure Replication…

A new window titled “Configure Replication for ….” will open > select “Replicate to VCenter Server” as Replication type

For Target site, select “PHOENIX” (this shows as connected because the prerequisites have been done to ensure that these sites' SRM services are functional)

At the Replication server options, choose “Select vSphere Replication server” > select an available host from the list

At the Target location options, select the equivalent data store (use “Filter Datastores” to locate the correct datastore) > Select Advanced configuration if each disk has a specific datastore

At the Replication options, click next > at the Recovery settings, select your Recovery Point Objective > set to 15 minutes (Setting can be changed later if required)

Review the selections and click Finish > Repeat these steps for all VM Clients targeted for replication > Once all targeted VMs are set for replication, navigate back to “Home” screen > vSphere Replication > Select “Home” tab

Click on “Monitor” and verify status of newly set up VMs for replication is “Initial Full Sync”

3. Setting Up Protection Groups

Click “Home” > Site Recovery

Select “Protection Groups” > click on the Shield icon with the plus sign to create a new Protection Group

When the Create Protection Group window opens > Name this new Protection Group

For Protection Group type, select Protected Site “IRVINE” and Replication type “vSphere Replication (VR)”

At the Virtual machines option, select all of your VMs in the group

Optional: fill out a description for the Protected Group

Review the selections > click Finish

Double click on Protected Group

Select “Related Objects” tab > Virtual Machines

Select a VM > right click > Configure Protection

When the VM Protection Properties window opens, expand items marked as “Not Configured”

Select “Folder” to specify the folder where the VM will reside at the Recovery Site > put a check mark next to “Save as Inventory Mapping”

Verify Resource Pool

Verify Network > save configuration when ready

4. Creating a Recovery Plan

Navigate back to Site Recovery Home by clicking the back button

Click on the new page with plus sign

When a new window named “Create Recovery Plan” opens, Name this new recovery plan

Choose Recovery site PHOENIX

Choose Protection Group

Test Network > change option from Isolated network (auto create) to 000_isolated for all networks

Input a description for this recovery plan

Review the options > click finish when ready

5. Configuring Recovery Plans

Double click on the new recovery Plan

Select Related Objects tab

Click on Virtual Machines and right click one of the VMs > Configure Recovery…

VM Recovery Properties Window Opens

Select IP Customization > Expand “Select an IP Customization mode:” and choose “Manual IP Customization”

Select “Configure Protection…” at the bottom

Enter the IP address information for Protected Site

Repeat the same steps for Recovery Site > Navigate back to Recovery Properties and change Priority Group > a typical guideline is to select Priority 1 if VMs are SQL servers and Priority 3 if VMs are application servers

Click Ok > Repeat these steps for all VMs inside the Protection group to finish the job

Overview of Microsoft Azure Networking

Private connections into Azure are made either via ExpressRoute (comparable to AWS Direct Connect) or VPN. The former is more expensive than the latter, with the benefit of an additional layer of security: packets are routed over private circuits rather than the public Internet. Here is a run-down of Azure networking with some practical examples.

Virtual Network (VNet)

  • No overlapping subnets
  • Can contain multiple subnets
  • No multicast and broadcast spanning between VNets
  • First 5 IP addresses in any subnet are reserved for Azure
  • IP addresses in VNets are classless; thus, Classless Inter-Domain Routing (CIDR) convention is used (e.g. x.x.x.x/8 or x.x.x.x/29)
  • Peering or Virtual Network Gateway are common practices
  • Private DNS can be set to bypass the default Azure assignment
  • VNet-2-VNet and VNet peering are options to securely join disparate subnets within Azure

Network Security Group (NSG)

  • Uses Access Control Lists (ACLs) to filter traffic.
  • Default outbound traffic is unrestricted.
  • A typical setup would include two (2) NSGs: one (1) for the Backend subnet and one (1) for the Frontend subnet.
  • Not application aware (layer 7)
  • 100 rules limit per region
  • Inbound/Outbound rule labels:
    • Service
    • Port range
    • Priority
    • Name
    • Description

Virtual Network Gateway

  • Connects on-prem networks into Azure VNets
  • Types
    • VPN: uses public routing. 4 SKUs with speed-based pricing. Basic 100Mbps, VpnGw1 650Mbps, VpnGw2 1Gbps, VpnGw3 1.25Gbps
    • ExpressRoute: uses MPLS circuits, logical dual BGP circuit on layer 3 (requires 2 x x.x.x.x/30 subnets per peer), typical providers are Equinix or Megaport, Azure private peering is matched with tunnel on-prem using BGP
    • Hybrid: Site-2-site and/or Point-2-site
  • Must be connected to an existing VNet
  • Route based: dynamic and most common
  • Policy based: static and does not support IKEv2
  • Site-to-site: supports active-active and active-passive. BGP, Available on SKU VpnGw1 and above
  • Point-to-site: supports only active-passive
  • Limit of 1 gateway per VNet

How to Create VPN Gateway in Azure

Access Azure portal > select Create a resource > Networking Services > choose Local Network Gateway > input sample values in these fields and wait 29 minutes 59 seconds

  • Name: VPN1
  • Address space (local summarized subnets): 
  • Subscription: default
  • Resource group: create if one doesn’t exist
  • Region: US West
  • Type: VPN
  • VPN type: Route based
  • SKU: VpnGw1 (default)
  • VNET: Dev
  • Public IP: Create new
  • IP Name: VPN1_GW
  • Active-active: Disabled
  • BGP: Disabled

How to Create Site-to-site VPN in Azure

Access Azure portal > select Create a resource > Networking Services > Add Connection > fill in the blanks

  • Name: S2S_VPN
  • Connection type: site-to-site
  • Local network gateway > click Create
    • Local_Gateway
    • IP address: x.x.x.x (this is the public IP of the on-prem gateway)
    • Address space: x.x.x.x/CIDR_MASK
    • Shared Key: PSK_somestring
    • RSG: locked

How to Create Point-to-site in Azure

Access Azure portal > select Create a resource > Networking Services > Add Connection > fill in the blanks

  • Name: P2S_VPN
  • Address Pool: x.x.x.x/CIDR_MASK (this is the local subnet)
  • Tunnel Type: Open VPN
  • Auth Type: Azure Cert
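
The VNet, the local network gateway address space and the point-to-site address pool must not overlap, so it is worth checking the ranges before filling in the forms above. The following is an added example, not part of the original page; the function names are hypothetical and the CIDR values are constructed placeholders for the x.x.x.x fields.

```powershell
# Added example: pre-flight overlap check for the address ranges typed into the portal forms.
# Function names are hypothetical; the CIDR values are constructed placeholders.

function ConvertTo-IPv4Range {
    # Turn "a.b.c.d/len" into the first and last address of the block, as integers.
    param([Parameter(Mandatory)][string]$Cidr)

    if ($Cidr -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$') {
        throw "Not an IPv4 CIDR block: '$Cidr'"
    }
    $octets = 1..4 | ForEach-Object { [int]$Matches[$_] }
    $prefix = [int]$Matches[5]
    if (($octets | Where-Object { $_ -gt 255 }) -or $prefix -gt 32) {
        throw "Octet or prefix length out of range: '$Cidr'"
    }

    [long]$address = 0
    foreach ($octet in $octets) { $address = $address * 256 + $octet }
    [long]$size  = [Math]::Pow(2, 32 - $prefix)
    [long]$start = $address - ($address % $size)      # mask off any host bits

    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Find-AddressSpaceOverlap {
    # Compare every pair of named ranges and emit one object per overlapping pair.
    param([Parameter(Mandatory)][System.Collections.IDictionary]$Spaces)

    $ranges = @(foreach ($name in $Spaces.Keys) {
        $range = ConvertTo-IPv4Range -Cidr $Spaces[$name]
        [pscustomobject]@{ Name = $name; Cidr = $range.Cidr; Start = $range.Start; End = $range.End }
    })

    for ($i = 0; $i -lt $ranges.Count; $i++) {
        for ($j = $i + 1; $j -lt $ranges.Count; $j++) {
            $a = $ranges[$i]
            $b = $ranges[$j]
            # Two closed intervals overlap when each one starts before the other ends
            if ($a.Start -le $b.End -and $b.Start -le $a.End) {
                [pscustomobject]@{
                    First  = "$($a.Name) $($a.Cidr)"
                    Second = "$($b.Name) $($b.Cidr)"
                }
            }
        }
    }
}

# Constructed sample: resource names follow the forms above, the ranges are made up.
$spaces = [ordered]@{
    'VNet Dev'                    = '10.10.0.0/16'
    'Local_Gateway address space' = '10.10.8.0/21'      # on-prem range that falls inside the VNet
    'P2S_VPN address pool'        = '172.16.201.0/24'
}

$overlaps = @(Find-AddressSpaceOverlap -Spaces $spaces)
if ($overlaps.Count -gt 0) {
    $overlaps | Format-Table -AutoSize
}
else {
    'No overlapping address spaces.'
}
```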

How to Create ExpressRoute Gateway

Access Azure portal > select Create a resource > Networking Services > choose Express Route Gateway > input these values

  • Subscription: Default
  • Resource Group: Derived
  • Name: ER_Gateway
  • Region: US West
  • Type: Express Route
  • SKU: Standard
  • VNET: Create new or use existing
  • Virtual Network: ER_VNnet
  • Virtual Network IP: x.x.x.x/CIDR_MASK
  • Public IP: Create new
  • IP Name: ER_Public_IP

How to Create ExpressRoute Circuit

Access Azure portal > Home > Express Route Circuits > fill in the blanks

  • Circuit Name: ExpressRoute
  • Provider: T&TA
  • Peering Location: <blank>
  • Bandwidth: 50Mbps
  • SKU: Standard
  • Billing model: metered
  • Sub: Free Trial
  • Resource Group: Some_RG
  • Location: US West

Cisco Fabric Switch – MDS Zoning Template

<# What this script does:
1. Checks to see if an Internet connection via PowerShell exists, if not fixes it for this session
2. Adds VMware.PowerCLI module if one doesn't already exist in host system
3. Asks for a vSphere Administrator credential, checks whether it is valid, then saves that credential into a CLIXML file (Export-Clixml; the password is DPAPI-encrypted for the current Windows user on this machine)
4. Connects to each vSphere server specified in the header section and parses through all hosts attached to each cluster
5. Obtains PWWN information of all nodes
6. Skips any node that has certificate issues
7. Displays the nodes for the user to choose by index number
8. Shows an "MDS Template" configuration based on the user's selection in the prior step
9. Exits the program upon user request
10. Asks the user whether the saved credentials be deleted or retained for future use

What it doesn't do:
1. Does not do anything that's not listed above, including NOT fixing certificate errors in vSphere
2. Does not write to ESXi hosts
3. Does not open a SSH session and automatically commit configurations into MDS switches

How to use it:
1. Copy the entire contents of this into a file onto your desktop with a name such as "mds-script.ps1"
2. Right-click and select "Run with Powershell"
3. Copy the output and paste into your targeted Cisco Nexus Operating System (NX-OS) SAN switches, not sandwiches.

#>

# Header Section: update variables only in these lines
$vSpheres="vCenter01","vCenter02"
$proxy="http://proxy:8080"
$exclusionList="localhost;*.kimconnect.com"
$vsans=("VSAN 10","001","011","111","211","311"),("VSAN 20","002","012","112","212","312")


# Ensure that script is ran in the context of an Administrator
$myWindowsID=[System.Security.Principal.WindowsIdentity]::GetCurrent()
$myWindowsPrincipal=new-object System.Security.Principal.WindowsPrincipal($myWindowsID)

# Get the security principal for the Administrator role
$adminRole=[System.Security.Principal.WindowsBuiltInRole]::Administrator

# Check to see if we are currently running "as Administrator"
if ($myWindowsPrincipal.IsInRole($adminRole))
{
# We are running "as Administrator" - so change the title and background color to indicate this
$Host.UI.RawUI.WindowTitle = $myInvocation.MyCommand.Definition + "(Elevated)"
$Host.UI.RawUI.BackgroundColor = "Black"
clear-host
}
else
{
# We are not running "as Administrator" - so relaunch as administrator

# Create a new process object that starts PowerShell
$newProcess = new-object System.Diagnostics.ProcessStartInfo "PowerShell";

# Specify the current script path and name as a parameter
$newProcess.Arguments = $myInvocation.MyCommand.Definition;

# Indicate that the process should be elevated
$newProcess.Verb = "runas";

# Start the new process
[System.Diagnostics.Process]::Start($newProcess);

# Exit from the current, unelevated, process
exit
}

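# Put error log in same directory as script
# Resolve both values from the script's own path rather than from the current directory,
# which may differ from the script's folder (for example after the elevated relaunch above)
$scriptName=[System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Path)
$scriptPath=Split-Path -Parent $MyInvocation.MyCommand.Path
$errorLogPath=($scriptPath+"\$scriptName`_Errors.txt")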

function checkProxy{
try{
$connectionTest=iwr download.microsoft.com
#$connectionSucceeds=Test-NetConnection -Computername download.microsoft.com -Port 443 -InformationLevel Quiet
if ($connectionTest){
return $True;
}
}
catch{
return $False
}
}

function fixProxy{
# Check if proxy is enabled on the system and fix it
$proxyKey=(Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings")
if ($proxyKey.ProxyEnable){
# Set http proxy for browsers
Set-Itemproperty -path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name 'ProxyServer' -value $proxy

# Set winhttp proxy for PowerShell
netsh winhttp set proxy $proxy $exclusionList

[system.net.webrequest]::defaultwebproxy = New-Object system.net.webproxy($proxy)
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
}

if (checkProxy){
"Proxy is now good to go..."
}
else{
"Proxy problems..."
break;
}
}

if(!(checkProxy)){"Internet issues detected. Fixing now..."; fixProxy;}

# Set PowerShell Gallery as Trusted to bypass prompts
$trustPSGallery=(Get-psrepository -Name 'PSGallery').InstallationPolicy
If($trustPSGallery -ne 'Trusted'){
Set-PSRepository -Name 'PSGallery' -InstallationPolicy Trusted -Confirm:$false
}

# Include the required VMware PowerCLI module from the PowerShell Gallery
if (!(Get-InstalledModule -Name VMware.PowerCLI -ErrorAction SilentlyContinue)) {

Install-Module -Name VMware.PowerCLI -AllowClobber -Force; #Warning: this module will clobber some commands from Microsoft SQL PowerShell module

# Ignore cert errors and other messages (this turns off server certificate validation for PowerCLI connections)
Set-PowerCLIConfiguration -ParticipateInCeip $False -Confirm:$False;
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$False;
}
else{
# Ignore cert errors and other messages
Set-PowerCLIConfiguration -ParticipateInCeip $False -Confirm:$False;
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$False;
cls;
}

<#
# Check if proxy is enabled, then assign the proper proxy server
if((Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings").ProxyEnable) {
Set-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ProxyServer -value $proxy
$PSDefaultParameterValues = @{ "*:Proxy"=$proxy}}
#>

<#
# Future development:
# function validateAdmin
# function checkIfRecordsExist
# Apply script to targets
#>


# Save Credentials into XML file for future use
$domain=$env:USERDOMAIN
$goodCredential=$False
$credentialsFolder="$scriptPath\Credentials"
$credentialsFolderExists=[System.IO.Directory]::Exists($credentialsFolder)
if(!($credentialsFolderExists)){mkdir $credentialsFolder;}

# Obtain username to check whether such credential has been saved prior
$user=(Read-Host -Prompt 'Input a vSphere Administrator Username');
$credentialFile="$credentialsFolder\"+"$user`.clixml"
$credentialFileExists=[System.IO.File]::Exists($credentialFile)
if(!($credentialFileExists)){
"This credential has not been saved previously.";
$GLOBAL:reaskUsername=$False;
$goodCredential=$False;
}

function getCredential{
if ($reaskUsername){
$GLOBAL:user=(Read-Host -Prompt 'Input a vSphere Administrator Username');
}
$GLOBAL:credentialFile="$credentialsFolder\"+"$user`.clixml"
$userID = "$domain\"+"$user"
$securedValue = (Read-Host -AsSecureString -Prompt "Input the password for account $userID")
# Pass the SecureString straight to PSCredential so no plaintext copy of the password is created
$GLOBAL:cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userID,$securedValue
$GLOBAL:credentialFile="$credentialsFolder\"+"$user`.clixml"
$GLOBAL:credentialFileExists=[System.IO.File]::Exists($credentialFile)
}

function testCredential{
$connection=connect-viserver $vSpheres[0] -Protocol https -Credential $cred -ErrorAction SilentlyContinue
if($connection -eq $null) {
write-host "No connected servers or credential doesnt work."
$GLOBAL:goodCredential=$false;
$GLOBAL:reaskUsername=$True;
}
else{
#"Credential works. Thus, it has been saved at $credentialFile for future use."
Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false
cls;
$cred | Export-Clixml $credentialFile;
#$GLOBAL:goodCredential=$True;
break;
}
}

if(!($credentialFileExists)){
# Test credential and reprompt if it doesn't work
while ($goodCredential -eq $False){
getCredential;
testCredential;
}
}

function selectRecord{
$display
$count=$collection.count-1

# Require user input with a loop
$index="";
while ($index.ToLower() -ne "exit"){
try {
[string]$index=Read-Host -Prompt "Please type the index number from 0 to $count`. To Exit, type 'exit' or press Ctrl+C";
if ($index.ToLower() -eq "exit"){break;}
if ([int]$index -gt $count -or [int]$index -lt 0){
"Please pick a number within the range of 0 to $count";
}
else{
generateScript $collection[$index];
}
}
catch {
#$_.Exception.Message;
}
}#end while
}

function vConnect ($vCenterName,$credential) {

#Connect-Viserver $vCenterName -Credential $cred
$hosts=Connect-Viserver $vCenterName -Protocol https -Credential $credential -ErrorAction SilentlyContinue
if($hosts -eq $null) {
# Newer version of PowerCLI doesn't work with vCenter 5.5; thus PowerCLI 6.5R1 is required
"Unable to connect to $vCenterName. That vSphere and its associated clusters scanning have been skipped...";
$GLOBAL:skip = $True;
}
else{
"Scanning $vCenterName..."
$GLOBAL:skip = $False;
}
}

function retrieveRecords{
$records=@()

# Ensure that TLS 1.2 is used
[Net.ServicePointManager]::Expect100Continue = $true;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$cred=(Import-clixml $credentialFile)

try{
foreach ($vSphere in $vSpheres){
try{
#Connect-VIServer -Server $vSphere -Protocol https -credential $cred
vConnect $vSphere $cred

if (!($skip)){
$GLOBAL:esxHosts = Get-VMHost # All hosts connected in vCenter
foreach ($esx in $esxHosts){
$hbas = Get-VMHostHba -VMHost $esx -Type FibreChannel
$esxName=($esx.Name -split '\.')[0]

$portNames=@()
$record=@()

foreach ($hba in $hbas){
$wwpn = ("{0:x}" -f $hba.PortWorldWideName) -replace '..(?!$)', '$&:'
#$wwnn = ("{0:x}" -f $hba.NodeWorldWideName) -replace '..(?!$)', '$&:'
#$portNames += $wwnn,$wwpn
$portNames += $wwpn
}
$record += @($esxName,@($portNames))
$records+=,@($record)
}
Disconnect-VIServer -Server $global:DefaultVIServers -Force -Confirm:$false
}

}
catch{continue;}
}
} #closure of try
catch{
$errorMsg = (Get-Date -Format g)+": "+ $_.Exception.Message
$errorMsg
# Add-Content $errorLogPath $errorMsg
# "There was an error, and the log is updated at this location: '$errorLogPath'."
Break;
}
finally{
$count=$records.count
$show="`n--------------------------------------------------`nThere are $count ESXi hosts with HBA connection records: `n--------------------------------------------------`n"
for ($row=0;$row -le $records.count-1;$row++){
$server=$records[$row][0]
$show += "$row" + ": " + "$server" + "`n"
}
}
$GLOBAL:collection=$records
$GLOBAL:display=$show
}

function generateScript($item){
$output=""
$hostName=$item[0]
$wppns=$item[1]
# $firstChars=(-join ($hostName.ToCharArray() | Select-Object -First 2)).ToUpper()
$firstChars=[string]$hostName.Substring(0,2)


for ($i=0;$i -le $specialConfigs.count-1; $i++){
if ($firstChars -eq $SpecialConfigs[$i][0]){
$writeConfig=$specialConfigs[$i][1];
}
}

<#
Note: This is for an environment without iSCSI
vmhba0 is the internal Smart Array controller; thus its PWWN shall not be used to configure the Cisco SAN switches.
vmhba64 is associated with VSAN10 and vmhba65 with VSAN20.
#>
"`n############################# Configuration Script for $($hostName.ToString().ToUpper()) ########################################"
foreach ($vsan in $vsans) {
$firstElement=$vsan[0]
$secondElement=$vsan[1]
$thirdElement=$vsan[2]
$fourthElement=$vsan[3]
$fifthElement=$vsan[4]
$sixthElement=$vsan[5]

# There should be 2 items in the wppns array: first item will associate with VSAN 10, and second with VSAN 20
if($firstElement -eq "VSAN 10"){$thisWPPN=$wppns[0];}
else{$thisWPPN=$wppns[1];}

# Different versions of firmware may require varying last commit lines
Switch ($firstChars){
"mp"{$lastLines="copy running-config startup-config`ny"}
"lp"{$lastLines="zone commit $firstElement`ncopy running-config startup-config fabric"}
"rp"{$lastLines="copy running-config startup-config`ny"}
}

# The first characters of hostname will correspond to its regional 3PAR SAN storage name
$sanName="h3pss001"
Switch ($firstChars){
"mp"{$sanName="mp"+"$sanName"+"_";}
"lp"{$sanName="lp"+"$sanName"+"_";}
"rp"{$sanName="mp"+"$sanName"+"_";}
}

$output += "
##################################################################################################################################
######### SAN Name: $sanName`: $firstElement #########
config t

fcalias name $hostName`_"+"$secondElement $firstElement
member pwwn $thisWPPN
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$thirdElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$thirdElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$fourthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$fourthElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$fifthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$fifthElement
exit

zone name $hostName`_"+"$secondElement`-$sanName"+"$sixthElement $firstElement
member fcalias $hostName`_"+"$secondElement
member fcalias $sanName"+"$sixthElement
exit

zoneset name ZoneSet01 $firstElement
member $hostName`_"+"$secondElement`-$sanName"+"$thirdElement
member $hostName`_"+"$secondElement`-$sanName"+"$fourthElement
member $hostName`_"+"$secondElement`-$sanName"+"$fifthElement
member $hostName`_"+"$secondElement`-$sanName"+"$sixthElement
exit

zoneset activate name ZoneSet01 $firstElement
$lastLines

### Useful show commands #########################################################################################################
# show zoneset | inc '$hostName' # To check zonesets for matches of the new servername
# show zoneset active | inc '$thisWPPN' # To check active zoneset for matches of a specific wppn
# show flogi database | inc '$thisWPPN' # To show the Fabric Login database for matches of a specific wppn
# show fcalias name $hostName`_"+"$secondElement $firstElement # To check VSAN 10 for any entries of the specific fcalias
# show fcalias $firstElement # To display the long output of all VSAN 10 configs. Useful to perform verification holistically
##################################################################################################################################
"
}
$output
selectRecord
}

function askRemoveCredential{
$GLOBAL:cleanCred=Read-Host -Prompt "`nRecords have been retrieved using a saved credential on this computer. Would you like to remove that credential file now? 'Yes' or 'No'"
if ($cleanCred.ToLower() -eq 'yes' -or $cleanCred.ToLower() -eq 'y' ){
Remove-Item -path $credentialFile;
}
}

retrieveRecords
askRemoveCredential
selectRecord

Output:

PS C:\Scripts> C:\Scripts\MDS-Zoning.ps1
Input the Admin Username: kim

Name Port User
---- ---- ----
vcenter01.kimconnect.com 443 KIMCONNECT\kim

--------------------------------------------------
There are 8 ESXi hosts with HBA connection records:
--------------------------------------------------
0: irv-esxi02b
1: irv-esxi01b
2: aws-esxi01c
3: irv-esxi01d
4: irv-esxi02d
5: irv-esxi01a
6: irv-esxi02a
7: irv-esxi03a

Please type the index number corresponding to the desired ESXi Host to generate a MDS Zoning Configuration template.
To end program, please type 'exit' and press [Enter]: 1

############################# Configuration Script for irv-ESXI01B #############################

##############################################################
## VSAN01 ##
config t

fcalias name irv-esxi01b_001 VSAN01
member pwwn 88:88:88:88:4e:d0:00:20
exit

zone name irv-esxi01b_001-fl-3par01_011 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_011
exit

zone name irv-esxi01b_001-fl-3par01_111 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_111
exit

zone name irv-esxi01b_001-fl-3par01_211 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_211
exit

zone name irv-esxi01b_001-fl-3par01_311 VSAN01
member fcalias irv-esxi01b_001
member fcalias fl-3par01_311
exit

zoneset name ZoneSet01 VSAN01
member irv-esxi01b_001-fl-3par01_011
member irv-esxi01b_001-fl-3par01_111
member irv-esxi01b_001-fl-3par01_211
member irv-esxi01b_001-fl-3par01_311
exit

zoneset activate name ZoneSet01 VSAN01
copy running-config startup-config
show fcalias VSAN01

### Useful show commands ###
# show fcalias vsan VSAN01
# show zoneset active
# show flogi database | inc '88:88:88:88:4e:d0:00:20'
##############################################################

##############################################################
## VSAN02 ##
config t

fcalias name irv-esxi01b_002 VSAN02
member pwwn 88:88:88:88:4e:d0:00:22
exit

zone name irv-esxi01b_002-fl-3par01_012 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_012
exit

zone name irv-esxi01b_002-fl-3par01_112 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_112
exit

zone name irv-esxi01b_002-fl-3par01_212 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_212
exit

zone name irv-esxi01b_002-fl-3par01_312 VSAN02
member fcalias irv-esxi01b_002
member fcalias fl-3par01_312
exit

zoneset name ZoneSet01 VSAN02
member irv-esxi01b_002-fl-3par01_012
member irv-esxi01b_002-fl-3par01_112
member irv-esxi01b_002-fl-3par01_212
member irv-esxi01b_002-fl-3par01_312
exit

zoneset activate name ZoneSet01 VSAN02
copy running-config startup-config
show fcalias VSAN02

### Useful show commands ###
# show fcalias vsan VSAN02
# show zoneset active
# show flogi database | inc '88:88:88:88:4e:d0:00:22'
##############################################################


--------------------------------------------------
There are 8 ESXi hosts with HBA connection records:
--------------------------------------------------
0: irv-esxi02b
1: irv-esxi01b
2: aws-esxi01c
3: irv-esxi01d
4: irv-esxi02d
5: irv-esxi01a
6: irv-esxi02a
7: irv-esxi03a

Please type the index number corresponding to the desired ESXi Host to generate a MDS Zoning Configuration template.
To end program, please 'exit' and press [Enter]: exit
Program Exited.
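
The script above maps the first WWPN of each host to VSAN 10 and the second to VSAN 20, so a host that reports fewer than two Fibre Channel HBAs produces a template with an empty "member pwwn" line. The pre-check below is an added example, not part of the original script: the function names are hypothetical, and the sample records are constructed from the host names and WWPNs shown in the sample output.

```powershell
# Added example, not part of the original script. Function names are hypothetical.

function ConvertTo-Wwpn {
    # Format a 64-bit port WWN as 16 zero-padded hex digits in colon-separated pairs.
    # The script's "{0:x}" drops leading zeros, which would shift every pair by one digit.
    param([Parameter(Mandatory)][long]$PortWorldWideName)
    ('{0:x16}' -f $PortWorldWideName) -replace '..(?!$)', '$&:'
}

function Test-ZoningRecord {
    # Checks one record in the shape the script builds: @(hostName, @(wwpn, wwpn)).
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$HostName,
        [string[]]$Wwpns = @(),
        [int]$ExpectedCount = 2          # one FC port per entry in $vsans
    )
    $problems = @()

    # Conservative assumption: the name is pasted into a switch CLI, so accept only
    # letters, digits, hyphen and underscore, starting with a letter.
    if ($HostName -notmatch '^[A-Za-z][A-Za-z0-9_-]*$') {
        $problems += "host name '$HostName' is not a plain CLI token"
    }
    if ($Wwpns.Count -ne $ExpectedCount) {
        $problems += "expected $ExpectedCount FC WWPNs, found $($Wwpns.Count)"
    }
    foreach ($wwpn in $Wwpns) {
        if ($wwpn -notmatch '^([0-9a-f]{2}:){7}[0-9a-f]{2}$') {
            $problems += "malformed WWPN '$wwpn'"
        }
    }
    if (@($Wwpns | Select-Object -Unique).Count -ne $Wwpns.Count) {
        $problems += 'the same WWPN is listed twice'
    }

    [pscustomobject]@{
        HostName = $HostName
        Ok       = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

function Find-DuplicateWwpn {
    # A WWPN that shows up under two hosts points at stale inventory or a cloned profile.
    param([object[]]$Records)
    $Records |
        ForEach-Object {
            $name = $_[0]
            $_[1] | ForEach-Object { [pscustomobject]@{ HostName = $name; Wwpn = $_ } }
        } |
        Group-Object Wwpn |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            [pscustomobject]@{ Wwpn = $_.Name; Hosts = ($_.Group.HostName -join ', ') }
        }
}

# Constructed sample in the script's $collection shape. Host names and the first two
# WWPNs come from the sample output; all other values are made up.
$collection = @()
$collection += ,@('irv-esxi01b', @('88:88:88:88:4e:d0:00:20', '88:88:88:88:4e:d0:00:22'))
$collection += ,@('irv-esxi02b', @('88:88:88:88:4e:d0:00:24'))                  # one FC HBA only
$collection += ,@('irv-esxi01d', @((ConvertTo-Wwpn 0x0100000011223344), '1000000011223345'))
$collection += ,@('irv-esxi02d', @('88:88:88:88:4e:d0:00:20', '88:88:88:88:4e:d0:00:2a'))

$report = foreach ($record in $collection) {
    Test-ZoningRecord -HostName $record[0] -Wwpns $record[1]
}
$report | Format-Table -AutoSize -Wrap

# Cross-host check: the first and last sample hosts share a WWPN
Find-DuplicateWwpn -Records $collection | Format-Table -AutoSize

# Only records that passed should be handed to generateScript
$safeHosts = @($report | Where-Object { $_.Ok } | ForEach-Object { $_.HostName })
"Safe to template: $($safeHosts -join ', ')"
```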

Overview of Veeam Backup and Restore

Prepare the Environment
Permissions

– Active Directory: create a service account as a member of Domain Admins group
– Dedicated Veeam Server: include the service account into the Local Administrators group
– Linux instances: create a user account with root privileges (member of wheel or sudoers)
– SQL: sa permissions to simplify setups
– Oracle: ensure that Veeam service account is a member of ORA_ASMADMIN, ORA_DBA, and local administrator / root
– Sharepoint: grant sa permissions on SQL and Farm Administrator role
– Microsoft Hyper-V: give Local Administrator rights on hosts
– VMWare: add service account as member of the vSphere Administrators group if AD integrated or sysadmin access on hosts
– Veeam Backup & Replication Console: ensure that the install account has Local Admin rights

Networking

– Reserve a static IP address and FQDN for the Veeam Server
– Verify that ingress traffic is not blocked by any hardware or software firewalls toward Veeam Server on these ports: TCP/80, TCP/443, TCP/9392, TCP/9393, TCP/9401 (defaults)

Storage

Although installing a storage source is beyond the scope of this document, it is notable that Veeam is compatible with most DAS, RDM, SAN, i-SAN, iSCSI, NFS, SMB, tape libraries (although VMware does not support VM pass-through of this type), LTO and Virtual Tape Libraries (e.g. Amazon Glacier with Storage Gateway) and other protocols as long as the host OS and service account are able to read/write to these sources.

The amount of storage affects the type of retention policies. Below is a typical estimate in an example scenario of 15 TB of data, Forward Incremental, Daily Backup, 30 Day Retention, Monthly Full

    • Estimated Full Backup Size: 15TB * 50% (2:1 Compression) = 7.5TB
    • Estimated space for 3 Monthly Fulls (Max req for 30 Day Retention): 7.5TB * 3 = 22.5TB
    • Estimated Forward Incremental Size Max: 7.5TB * 5% * 60 = 22.5TB
    • Estimated total Backup Size: 22.5TB + 22.5TB = 45TB

Obtain Software & Licensing

– Download the Installation software from: https://www.veeam.com/downloads.html
– Products comparison is here: https://www.veeam.com/products-edition-comparison.html
– In general, Veeam Backup Essentials is recommended for environments that consist of six (6) CPU sockets or less. This corresponds to the VMWare Essentials licensing limitations. Hence it would also be necessary to purchase a VMware vSphere license to unlock “vStorage APIs” and “vAAI” features. Similarly, Microsoft System Center Virtual Machine Manager could benefit from the Veeam Management Pack licensing. Basic monitoring for only Veeam Backup & Replication will be free if these extra licenses are not purchased.
– Other enterprises should consider obtaining the standard Veeam Backup & Replication as a common practice. This path allows for ease of clustering expansions. Although it is possible to convert Essentials licensing to Standard, extra paperwork and technical labor hours may nullify any financial benefits from such a transition.
– Physical Workloads are now compatible with Veeam when special agents are installed.
– Database aware backups will require special licensing. Microsoft Exchange, Sharepoint, SQL, and OneDrive will each depend on a license to be backed up properly.
– Licenses can be bought directly from the vendor at https://www.veeam.com/salesinc.html or a downstream channel of the client’s choice.

Install Veeam

Execute the Installation Wizard and follow the prompts…

Assuming that Veeam is to be installed on a VM, its wizard would extract the following components:
Veeam Backup & Replication
Veeam Backup Catalog (component responsible for storing VM guest OS indexing data)
Veeam Backup & Replication Console

These additional modules are also added by default:
Veeam Explorer for Microsoft Active Directory
Veeam Explorer for Microsoft Exchange
Veeam Explorer for Oracle
Veeam Explorer for Microsoft SQL Server
Veeam Explorer for Microsoft SharePoint
Veeam Explorer for Microsoft OneDrive for Business
Veeam Backup PowerShell Snap-In

These components do not require additional licenses. They are integrated with Veeam Backup & Replication.

These are typical settings for most instances

Configuration

– To simplify operations for compact teams, the same group of users should be included in the Veeam Backup Operator and Veeam Restore Operator roles. Better yet, the Veeam Backup Administrator role would be the main role to be assigned to backup administrator accounts.
– Email notifications are very necessary and should be configured.
– Details about backup infrastructural components are dependent upon the target environment. Those are outside the scope of this overview. Generally, simple setups are recommended for most scenarios as readjustments can be done when the needs arise.
– A common deployment scenario consists of one (1) Veeam Server acting as the Backup server, Backup Repository, Mount Server, and Guest Interaction proxy. Furthermore, to minimize production impact on the VMware or Hyper-V hosts, one (1) physical machine or VM would be assigned the dedicated Off-host Backup Proxies role. Further simplification would mean moving this role into the VM hosts.
– Creating a new backup job is as simple as accessing the Home tab > click Backup Job > Virtual machine > select either VMware vSphere or Microsoft Hyper-V > complete the questionnaires to finish the setup
– The task of configuration would only be completed once successful restores are validated. This is analogous to obtaining acceptance from the business entity.

PowerShell: vSphere 5.5 and TLS 1.2 Connection Issues

Intro:

There was this situation when we experienced connection issues with “Connect-VIServer” commands from PowerShell and went on a ghost hunt to chase down the root cause.

Set VMWare PowerCLI to ignore cert errors
PS C:\WINDOWS> Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$False

Scope ProxyPolicy DefaultVIServerMode InvalidCertificateAction DisplayDeprecationWarnings WebOperationTimeout
Seconds
----- ----------- ------------------- ------------------------ -------------------------- -------------------
Session UseSystemProxy Multiple Ignore True 300
User Ignore
AllUsers

Attempted to connect to vSphere via port 443
PS C:\WINDOWS> connect-viserver vcenter.kimconnect.com -Protocol https
connect-viserver : 5/23/2019 11:19:44 AM Connect-VIServer Error: Invalid server certificate. Use
Set-PowerCLIConfiguration to set the value for the InvalidCertificateAction option to Prompt if you'd like to connect
once or to add a permanent exception for this server.
Additional Information: Could not establish secure channel for SSL/TLS with authority 'vcenter5.kimconnect.com'.
At line:1 char:1
+ connect-viserver vcenter55.kimconnect.com -Protocol https
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : SecurityError: (:) [Connect-VIServer], ViSecurityNegotiationException
+ FullyQualifiedErrorId : Client20_ConnectivityServiceImpl_Reconnect_CertificateError,VMware.VimAutomation.ViCore.
Cmdlets.Commands.ConnectVIServer

Check Local Certificate Store for VCENTER certs

PS C:\WINDOWS> Get-ChildItem -Path Cert:\LocalMachine\ -recurse | Select-String "vcenter"
<Empty Result>

Ran this script to check TLS connectivity. It does 2 things:
  1. Set local machine to use the proxy for external domain and bypass proxy for internal URIs
  2. Attempt to obtain the Public Key certificate from a provided URI. In this case, we’re checking the VCENTER.kimconnect.com machine running vSphere 5.5
$proxy="http://proxy:8080";
$exclusionList="localhost;*.kimconnect.com"
function checkProxy{
try{
$connectionTest=iwr download.microsoft.com
#$connectionSucceeds=Test-NetConnection -Computername download.microsoft.com -Port 443 -InformationLevel Quiet
if ($connectionTest){
$GLOBAL:haveInternet=$True;
return $True;
}
}
catch{
return $False
}
}

function fixProxy{

# Check if proxy is enabled on the system and fix it
$proxyKey=(Get-ItemProperty -Path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings")
if ($proxyKey.ProxyEnable){
# Set http proxy for browsers
Set-Itemproperty -path "Registry::HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -Name 'ProxyServer' -value $proxy

# Set winhttp proxy for PowerShell
netsh winhttp set proxy $proxy $exclusionList

[system.net.webrequest]::defaultwebproxy = New-Object system.net.webproxy($proxy)
[system.net.webrequest]::defaultwebproxy.credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials
[system.net.webrequest]::defaultwebproxy.BypassProxyOnLocal = $true
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
}

if (checkProxy){
"Proxy is now good to go..."
$GLOBAL:haveInternet=$True;
}
else{
"Proxy problems..."
$GLOBAL:haveInternet=$False;
break;
}
}

function getPublicKey{
[OutputType([byte[]])]
PARAM (
[Uri]$Uri
)

if ($uri.Scheme -eq $null){
$uri="https://"+$uri;
}
else {
if (!($uri.Scheme -eq "https")){
$uri="https://"+$uri.Authority;
}
}

[Net.ServicePointManager]::Expect100Continue = $true;
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}

$request = Invoke-WebRequest -Uri $uri
#$request = [System.Net.HttpWebRequest]::Create($uri)


try{
#Make the request but ignore (dispose it) the response, since we only care about the service point
$request.GetResponse().Dispose()
}
catch [System.Net.WebException]{
if ($_.Exception.Status -eq [System.Net.WebExceptionStatus]::TrustFailure){
#We ignore trust failures, since we only want the certificate, and the service point is still populated at this point
}
else{
#Let other exceptions bubble up, or write-error the exception and return from this method
throw
}
}

#The ServicePoint object should now contain the Certificate for the site.
$servicePoint = $request.ServicePoint
$key = $servicePoint.Certificate.GetPublicKey()
Write-Output $key
}

fixproxy;
getPublicKey vcenter.kimconnect.com;
Output if TLS 1.0 or TLS 1.1 was enabled
PS C:\Users\kimconnect\Desktop\> C:\Users\kimconnect\Desktop\unit-test.ps1

Current WinHTTP proxy settings:

Proxy Server(s) : http://proxy:8080
Bypass List : localhost;*.kimconnect.com

Proxy is now good to go...

Exception calling "GetResponse" with "0" argument(s): "The underlying connection was closed: An unexpected error occurred on a receive."
At C:\Users\kdoan\Desktop\Notes\unit-test.ps1:70 char:9
+ $request.GetResponse().Dispose()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : WebException
Output if TLS 1.2 was enabled
Invoke-WebRequest : The request was aborted: Could not create SSL/TLS secure channel.
At C:\Users\kimconnect\Desktop\unit-test.ps1:66 char:16
+ $request = Invoke-WebRequest -Uri $uri
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

You cannot call a method on a null-valued expression.
At C:\Users\kimconnect\Desktop\unit-test.ps1:72 char:9
+ $request.GetResponse().Dispose()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At C:\Users\kimconnect\Desktop\unit-test.ps1:86 char:5
+ $key = $servicePoint.Certificate.GetPublicKey()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
Check Server IIS
$ssl3=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server"
$tls=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server"
$tls11=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server"
$tls12=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server"
$protocols = @($ssl3,$tls,$tls11,$tls12)
$key1="DisabledByDefault"
$key2="Enabled"

foreach ($p in $protocols){
$pName=Split-Path $p.PSParentPath -Leaf;
$pValueInHex='0x{0:x}' -f $p.$key2;
$pName+" "+$key2+" value: "+$pValueInHex
}
Sample server output:
SSL 3.0 Enabled value: 0x0
TLS 1.0 Enabled value: 0xffffffff
TLS 1.1 Enabled value: 0xffffffff
TLS 1.2 Enabled value: 0xffffffff
Check Client Protocols
$ssl3=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client"
$tls=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client"
$tls11=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$tls12=Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client"
$protocols = @($ssl3,$tls,$tls11,$tls12)
$key1="DisabledByDefault"
$key2="Enabled"

foreach ($p in $protocols){
$pName=Split-Path $p.PSParentPath -Leaf;
$pValueInHex='0x{0:x}' -f $p.$key2;
$pName+" "+$key2+" value: "+$pValueInHex
}
Sample client output:
SSL 3.0 Enabled value: 0x0
TLS 1.0 Enabled value: 0x0
TLS 1.1 Enabled value: 0x0
TLS 1.2 Enabled value: 0xffffffff
Interpretation of the server and client’s outputs:

It appears that the server has TLS 1.0, TLS 1.1, and TLS 1.2 enabled. However, the admin’s workstation (running Windows 10) would only connect using TLS 1.2, so the common denominator between client and server is TLS 1.2. That explains the earlier Invoke-WebRequest results, where TLS 1.2 connection attempts yielded the error “Could not create SSL/TLS secure channel,” whereas attempts using TLS 1.0 & 1.1 yielded “The underlying connection was closed: An unexpected error occurred on a receive.”
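The comparison made in the interpretation above, as an added PowerShell example (not code from the original post): it reads the same `Enabled` values but reports a missing key or value as the OS default instead of raising an error, then lists the protocols explicitly enabled on both sides. The function names are hypothetical, and the sample tables are constructed from the two outputs shown above.

```powershell
# Added example, not part of the original post. Read-only: it changes no registry value.
$SchannelBase  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$ProtocolNames = 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function ConvertTo-ProtocolState {
    # Hypothetical helper: maps a raw 'Enabled' DWORD to a readable state.
    # $null means the value (or the whole key) is absent, so the OS default applies.
    param($Enabled)
    if ($null -eq $Enabled) { return 'OsDefault' }
    if ([int64]$Enabled -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-SchannelProtocolState {
    # Reads the local machine's settings for one role ('Server' or 'Client').
    param([ValidateSet('Server', 'Client')][string]$Role)
    $state = [ordered]@{}
    foreach ($name in $ProtocolNames) {
        $key   = "$SchannelBase\$name\$Role"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $raw   = if ($props -and $props.PSObject.Properties['Enabled']) { $props.Enabled } else { $null }
        $state[$name] = ConvertTo-ProtocolState $raw
    }
    return $state
}

function Get-CommonProtocol {
    # Protocols explicitly enabled on both sides; 'OsDefault' entries are not counted.
    param([System.Collections.IDictionary]$Server, [System.Collections.IDictionary]$Client)
    foreach ($name in $ProtocolNames) {
        if ($Server[$name] -eq 'Enabled' -and $Client[$name] -eq 'Enabled') { $name }
    }
}

# Constructed input: the 'Enabled' values from the sample server and client outputs above.
$serverRaw = @{ 'SSL 3.0' = 0x0; 'TLS 1.0' = 0xffffffff; 'TLS 1.1' = 0xffffffff; 'TLS 1.2' = 0xffffffff }
$clientRaw = @{ 'SSL 3.0' = 0x0; 'TLS 1.0' = 0x0; 'TLS 1.1' = 0x0; 'TLS 1.2' = 0xffffffff }
$serverSample = [ordered]@{}
$clientSample = [ordered]@{}
foreach ($name in $ProtocolNames) {
    $serverSample[$name] = ConvertTo-ProtocolState $serverRaw[$name]
    $clientSample[$name] = ConvertTo-ProtocolState $clientRaw[$name]
}
'Common (sample data): ' + ((Get-CommonProtocol -Server $serverSample -Client $clientSample) -join ', ')

# On a live machine, read the local client-side settings instead of the sample table:
# Get-SchannelProtocolState -Role Client
```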

Enable TLS 1.1 Client
$tls11Path="Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$key2="Enabled"
Set-Itemproperty -path $tls11Path -Name $key2 -Type DWord -Value 0xffffffff
Get-ItemProperty -path $tls11Path
Disable TLS 1.1 Client
$tls11Path="Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client"
$key2="Enabled"
Set-Itemproperty -path $tls11Path -Name $key2 -Type DWord -Value 0x0
Get-ItemProperty -path $tls11Path
Further Troubleshooting Progress:

Although the issue would most likely be caused by the server’s certificate, that cannot be quickly remedied without collecting more data points about this issue. Once sufficient information has been gathered, a proposal to change the server’s SSL certificate would have a higher chance of administrative approval. Hence, the following vague attempts are good sources for memorandums.

https://kb.vmware.com/articleview?docid=2147546
a. Regenerate vCenter SSL certificates with minimum public key length of 2048 bits
b. Uninstall Microsoft(Windows) update 3175024

https://kb.vmware.com/s/article/2146002
Modify this registry value: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman] "ClientMinKeyBitLength"=dword:00000200

$path="Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman"
$key="ClientMinKeyBitLength"
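# 512 = 0x200, the dword value quoted above: the minimum Diffie-Hellman key size (in bits) this client will accept
$value=512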
Set-Itemproperty -path $path -Name $key -value $value -Type DWord
#Set-Itemproperty -path $path -Name "ServerMinKeyBitLength" -value 2048
Get-ItemProperty -Path $path

https://support.microsoft.com/en-us/help/2973337/sha512-is-disabled-in-windows-when-you-use-tls-1-2

PS Cert:\LocalMachine> $path1="Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003"
PS Cert:\LocalMachine> (Get-ItemProperty -Path $path1 -Name "Functions").Functions
RSA/SHA256
RSA/SHA384
RSA/SHA1
ECDSA/SHA256
ECDSA/SHA384
ECDSA/SHA1
DSA/SHA1
RSA/SHA512
ECDSA/SHA512

Check for installed KBs

dism /online /get-packages | findstr KB3175024
dism /online /get-packages | findstr KB3172605
dism /online /get-packages | findstr KB3161608

Run PowerShell as Administrator

cd "C:\Program Files\VMware\CIS\vSphereTlsReconfigurator\VcTlsReconfigurator"
.\reconfigureVc backup -d S:\backup

This error occurred

VMWARE_CIS_HOME is not defined

This was supposed to be the command to disable TLS 1.0 & 1.1 (which had not been successfully run)

.\reconfigureVc update -p TLSv1.2
Root Cause

After exhausting the available options of technical troubleshooting, the solution was simply to remove the multiple versions of the vSphere client installed on the problematic workstation. Knowing the cause, it would be possible to further investigate by checking those programs. Since vSphere client was a closed-source application, the buck ended at this correlation. It was unfortunate since correlation should not be construed as causation, but oh well…

How to Install Virtualbox in Ubuntu

Simply run these two commands:

sudo add-apt-repository multiverse && sudo apt-get update
sudo apt -y install virtualbox virtualbox-ext-pack

Answer ‘OK’ and ‘Yes’ to accept licensing prompts from Oracle

When installation finishes, it’s often preferable to add a link to the application by navigating to the apps menu > search for virtualbox > right-click it > add to favorites

Trigger VirtualBox app to start using the almost freeware

SAN Storage: Using 3PAR StoreServ to Provision LUNs for vSphere ESXi or Windows Server

Overview:

Assumptions
  1. MDS Zoning Configuration has been completed.
  2. Operating Systems
    1. ESXi OS has been installed onto the host and added into vSphere
    2. Windows 2016 with Emulex Fibre Channel have been configured
    3. Linux image is configured
  3. The 3PAR StoreServ application has been installed on a server that is accessible via HTTPS from the administrator’s workstation, and this application has already been set up to control the SANs at the Florida remote site.
Initial Overview

Navigate to https://3par.kimconnect.com

Close this if it pops up (since documenting a tutorial inside a tutorial is no bueno)

Click on 3PAR StoreServ > Systems > select FL-3PAR01 > click on the drop down arrow next to Overview > select Map

1. Creating Host Sets

Click on 3PAR StoreServ > Show All > Host Sets

Click on Create Host Set

Input Name & System values > click on Add hosts

Hold down the shift button to select multiple hosts > click Add when done

2. Creating Virtual Volumes

Click 3PAR StoreServ > Virtual Volumes

Fill out the values for Name & System > click Add at the Export section

Select the targeted hosts to export this volume toward > click Add when done

3. Adding Hosts onto Host Set

Click on 3PAR StoreServ > Hosts

Click on Create Host

Fill out the Name, System, Host OS & Host set fields > click ‘Add FC‘ when ready

At the pop-up screen, hold down the shift key and select the two nodes that are associated with the new ESXi host > click Add

Click Create to initiate the Host creation process

Observe progress

Look for completion

4. Verifying LUN Accessibility
a. ESXi Host

Access vSphere > navigate to the newly added ESXi host > right-click on it > click on Storage > select Rescan Storage

Click OK

Navigate to the FL-ESX007 host > click on the Configure tab > Storage Adapters > select vmhba64 & vmhba65 > verify that the LUNs statuses are Active

If this were to occur after a storage re-scan operation, we may assume that there’s a mis-configuration somewhere. In which case, going back to the drawing board to investigate the problem will include checking the 3PAR settings and/or Cisco MDS configs.

b.  Windows Host

Run OneCommand Manager to view Target Mapping

c. Linux

I’m bored. No more writing without this.

Cisco VSAN: MDS Zoning Configuration for ESXi Host – Step by Step

Step 1: gather information

A. VSAN Nodes

Each site shall have two sets of MDS Switching fabrics. In our case, we are targeting the Florida data center that hosts FL-FABRICA and FL-FABRICB that are dedicated to VSAN 10 & VSAN 20, respectively. Each fabric may consist of multiple switches of various generations being chained together using specialized cables [to connect the back-planes]. Our use-case also includes a 3PAR branded SAN storage array with four (4) controllers. Each controller carries one (1) fiber optic connection toward FL-FABRICA, and one (1) toward FL-FABRICB. Thus, there are eight (8) paths from the SAN fabrics to reach the 3PAR SAN. Below are the IP addresses of these devices.

  • FL-FABRICA: 10.10.8.1
  • FL-FABRICB: 10.10.8.2
  • FL-3PAR01: 10.10.10.1
B. Host to Fabric Connections

Before starting any configuration, it’s important to verify physical connections between a newly installed ESXi host and each of the switching fabrics. In this example, FL-ESX007 HBA port 1 is plugged into FABRIC-A fiber channel 4 port 1 (fabric-a fc4/1), and FL-ESX007 HBA port 2 is attached to FABRIC-B fiber channel 4 port 1 (fabric-b fc4/1). Here is the illustration.

FL-ESX007 HBA port 1 <==1 connection==> fabric-a fc4/1 <==4 connections==> FL-3PAR01
FL-ESX007 HBA port 2 <==1 connection==> fabric-b fc4/1 <==4 connections==> FL-3PAR01
C. Use Configuration Template to Generate Configs and Review for Accuracy

This can be done with a PowerShell Script here. You’re welcome.

############################# Configuration Script for FL-ESX007 #############################

##############################################################
## FL-FABRICA : VSAN 10 ##
config t

fcalias name fl_esx007_001 VSAN 10
member pwwn xx:xx:xx:xx:xx:xx:xx:xx
exit

zone name fl_esx007_001-fl_3par01_011 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_011
exit

zone name fl_esx007_001-fl_3par01_111 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_111
exit

zone name fl_esx007_001-fl_3par01_211 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_211
exit

zone name fl_esx007_001-fl_3par01_311 VSAN 10
member fcalias fl_esx007_001
member fcalias fl_3par01_311
exit

zoneset name ZoneSet01 VSAN 10
member fl_esx007_001-fl_3par01_011
member fl_esx007_001-fl_3par01_111
member fl_esx007_001-fl_3par01_211
member fl_esx007_001-fl_3par01_311
exit

zoneset activate name ZoneSet01 VSAN 10
copy running-config startup-config fabric

########################################################
##############################################################
## FL-FABRICB : VSAN 20 ##
config t

fcalias name fl_esx007_002 VSAN 20
member pwwn xx:xx:xx:xx:xx:xx:xx:xx
exit

zone name fl_esx007_002-fl_3par01_012 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_012
exit

zone name fl_esx007_002-fl_3par01_112 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_112
exit

zone name fl_esx007_002-fl_3par01_212 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_212
exit

zone name fl_esx007_002-fl_3par01_312 VSAN 20
member fcalias fl_esx007_002
member fcalias fl_3par01_312
exit

zoneset name ZoneSet01 VSAN 20
member fl_esx007_002-fl_3par01_012
member fl_esx007_002-fl_3par01_112
member fl_esx007_002-fl_3par01_212
member fl_esx007_002-fl_3par01_312
exit

zoneset activate name ZoneSet01 VSAN 20
copy running-config startup-config fabric

##############################################################

Step 2: Perform the Configuration

SSH into FL-FABRICA
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2018, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Before going any further, it’s important to confirm that FL-FABRICA is connected to FL-3PAR01

FL-FABRICA# show fcalias | inc 'fl_3par01'
fcalias name fl_3par01_011 vsan 10
fcalias name fl_3par01_111 vsan 10
fcalias name fl_3par01_211 vsan 10
fcalias name fl_3par01_311 vsan 10

The result above shows that there are four (4) paths to fl_3par01 (note: we use lowercase names in Cisco configs as a standard). Run the same command without filter to check pwwn associations of the FL-3PAR01 SAN. Be advised that this list will most likely be long. Have patience in the manual process of scanning through the values to arrive at the desired information.

fabric-a(config)# show fcalias
-- Truncated for brevity --
-- Many records omitted --
fcalias name fl_3par01_011 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_111 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_211 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

fcalias name fl_3par01_311 vsan 10
pwwn xx:xx:xx:xx:xx:xx:xx:xx

Next, check for interface statuses with the focus of verifying port fiber channel 4/1

FL-FABRICA# show interface br
-------------------------------------------------------------------------------
Interface Vsan Admin Admin Status SFP Oper Oper Port
Mode Trunk Mode Speed Channel
Mode (Gbps)
-------------------------------------------------------------------------------
fc4/1 10 FX on down swl F 8 --
fc4/2 1 FX on up swl F 8 --
fc4/3 10 FX on up swl F 8 --
-- Truncated for brevity --

-------------------------------------------------------------------------------
Interface Status Speed
(Gbps)
-------------------------------------------------------------------------------
sup-fc0 up 1

-------------------------------------------------------------------------------
Interface Status IP Address Speed MTU
-------------------------------------------------------------------------------
vsan1 down -- 1 Gbps 1500
vsan10 up -- 1 Gbps 1500

-------------------------------------------------------------------------------
Interface Status IP Address Speed MTU
-------------------------------------------------------------------------------
mgmt0 up 10.10.8.1/24 1 Gbps 1500

If the target interface status is down (shutdown mode), then it will be necessary to change it to up (no shutdown mode) so that the directly attached HBA’s WWPN would register with the MDS fabric.

FL-FABRICA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# int fc4/1
FL-FABRICA(config-if)# no shut
FL-FABRICA(config-if)# exit
FL-FABRICA(config)# exit

Check for Port Name (WWPN) association toward interfaces

# Checking the specific interface fc4/1
FL-FABRICA# show flogi database | inc 'fc4/1'
fc4/1 1 0xc70100 10:00:d0:67:xx:xx:xx:xx 20:00:d0:67:xx:xx:xx:xx
# Checking all interface associations
FL-FABRICA# show flogi database
--------------------------------------------------------------------------------
INTERFACE VSAN FCID PORT NAME NODE NAME
--------------------------------------------------------------------------------
fc4/1 10 0x8c0000 20:11:00:02:xx:xx:xx:xx 2f:f7:00:02:xx:xx:xx:xx
-- Truncated for brevity --
sup-fc0 10 0x8c0dc0 10:00:00:0d:xx:xx:xx:xx 20:00:00:0d:xx:xx:xx:xx

Total number of flogi = 109.

Check to see whether fl_esx007 has been configured on this MDS fabric.

fabric-a# show zoneset active | inc 'fl-esx007'
zone name fl_esx007_001-ca_3par01_011 vsan 10
zone name fl_esx007_001-ca_3par01_111 vsan 10
zone name fl_esx007_001-ca_3par01_211 vsan 10
zone name fl_esx007_001-ca_3par01_311 vsan 10

The result above indicates that zoneset associations for node fl_esx007 port 001 (a host in Florida) have been incorrectly configured with ca_3par01 (an MDS fabric in California). Thus, it will be necessary to delete these zones as a precursor to starting over.

FL-FABRICA# conf t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_011 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_111 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_211 vsan 10
FL-FABRICA(config)# no zone name fl_esx007_001-ca_3par01_311 vsan 10
FL-FABRICA(config)# exit
FL-FABRICA#

Check to see whether WWPN has been associated with VSAN 10

FL-FABRICA# show fcalias vsan 10 | inc '10:00:ba:4e:xx:xx:xx:xx'
pwwn 10:00:ba:4e:xx:xx:xx:xx

The result above shows that FL-ESX007 WWPN has been configured to associate with VSAN 10. Thus, a repeat of re-association is unnecessary. For purposes of demonstration, we shall apply the prepared MDS Zoning template as shown in step 1C to observe any anomalies.

FL-FABRICA# config t
Enter configuration commands, one per line. End with CNTL/Z.
FL-FABRICA(config)# fcalias name fl_esx007_001 VSAN 10
FL-FABRICA(config-fcalias)# member pwwn 10:00:ba:4e:4e:d0:00:24
Duplicate member
FL-FABRICA(config-fcalias)# exit
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_011 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_011
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_111 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_111
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_211 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_211
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zone name fl_esx007_001-fl_3par01_311 VSAN 10
FL-FABRICA(config-zone)# member fcalias fl_esx007_001
FL-FABRICA(config-zone)# member fcalias fl_3par01_311
FL-FABRICA(config-zone)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zoneset name ZoneSet01 VSAN 10
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_011
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_111
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_211
FL-FABRICA(config-zoneset)# member fl_esx007_001-fl_3par01_311
FL-FABRICA(config-zoneset)# exit
FL-FABRICA(config)#
FL-FABRICA(config)# zoneset activate name ZoneSet01 VSAN 10
Zoneset activation initiated. check zone status
FL-FABRICA(config)# copy running-config startup-config
[########################################] 100%
Copy complete.

Verify that FL-ESX007 has been associated with FL-3PAR01

fabric-a(config)# show zoneset active | inc 'rpsesxi02b'
zone name fl_esx007_001-fl_3par01_011 vsan 10
zone name fl_esx007_001-fl_3par01_111 vsan 10
zone name fl_esx007_001-fl_3par01_211 vsan 10
zone name fl_esx007_001-fl_3par01_311 vsan 10

fabric-a(config)# show zoneset active | inc 'rpsesxi02b_001-mph3pss001'
zone name fl_esx007_001-fl_3par01_011 vsan 10
zone name fl_esx007_001-fl_3par01_111 vsan 10
zone name fl_esx007_001-fl_3par01_211 vsan 10
zone name fl_esx007_001-fl_3par01_311 vsan 10

To view additional details, run the same command without filtering. Scroll toward the bottom of the output to view the latest entries

fabric-a(config)# show zoneset active
zoneset name Default_zoneset vsan 1
zone name Default_zone vsan 1
pwwn 50:01:43:80:xx:xx:xx:xx
pwwn 50:0a:09:84:xx:xx:xx:xx
pwwn 50:0a:09:84:xx:xx:xx:xx
-- Truncated for brevity --
-- Many records omitted --
zoneset name ZoneSet01 vsan 10
-- Truncated for brevity --
-- Many records omitted --
zone name fl_esx007_001-fl_3par01_011 vsan 10
* fcid 0x8c0000 [pwwn 20:11:00:02:xx:xx:xx:xx]
* fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_111 vsan 10
* fcid 0x8c0001 [pwwn 21:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_211 vsan 10
* fcid 0x8c0002 [pwwn 22:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

zone name fl_esx007_001-fl_3par01_311 vsan 10
* fcid 0x8c0003 [pwwn 23:11:00:02:xx:xx:xx:xx]
* fcid 0x8c9999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]

This is the final verification that the four paths are active, as indicated by the asterisk (“*”) signs

fabric-a# show zoneset active | inc '10:00:da:3c:7b:00:00:00'
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]
* fcid 0x0b0085 [pwwn 10:00:da:3c:7b:00:00:00]

Summary of useful show commands

### Useful show commands ###
# show fcalias vsan 10 # Displays the long output of all VSAN 10 configs
# show zoneset active | inc '10:00:da:3c:7b:00:00:00' # Checks active zoneset for matches of a specific wwpn
# show flogi database | inc '10:00:da:3c:7b:00:00:00' # Shows the Fabric Login database for matches of a specific wwpn
# show zoneset | inc 'fl_esx007' # Check zonesets for matches of the new servername config
# show fcalias name fl_esx007_001 VSAN 10 # Check VSAN 10 for any entries of the specific fcalias

The asterisk symbol next to Fiber Channel ID (fcid) indicates that the connection is active. The newly configured zones should have their PWWN set as active. Also, the fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx] must match the fcalias name fl_3par01_011 vsan 10 record gathered at the initiation step of this configuration procedure. Once these two things are established, we may reasonably assume that the networking portion of ESX to SAN connectivity is “good to go” for ESXi HBA Port 1 of 2.

ESXi HBA Port 2 of 2 configuration would just be a repeat of “Step 2” (this section).
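The two checks this procedure relies on (a zone name that pairs a host with an array from another site, as with fl_esx007_001-ca_3par01_011, and the asterisk that marks a logged-in member) can be run over saved `show zoneset active` output. This is an added PowerShell example, not the script referenced in the post; the function name is hypothetical, it assumes the `<site>_<host>_<port>-<site>_<array>_<port>` naming used here, and the sample text is constructed from the outputs above.

```powershell
# Added example, not part of the original post.
function Test-ActiveZoneset {
    # Hypothetical helper: takes the lines of 'show zoneset active' output saved as text.
    param([string[]]$Lines)

    $zones   = @()
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^zoneset name\s') {
            $current = $null
        }
        elseif ($text -match '^zone name (\S+) vsan (\d+)$') {
            $current = [pscustomobject]@{ Zone = $Matches[1]; Vsan = [int]$Matches[2]; Active = 0; Inactive = 0 }
            $zones += $current
        }
        elseif ($current -and $text -match '^\*\s+fcid\s+0x[0-9a-f]+\s+\[pwwn\s+\S+\]$') {
            $current.Active++        # asterisk: member is logged in to the fabric
        }
        elseif ($current -and $text -match '^pwwn\s+\S+$') {
            $current.Inactive++      # no asterisk: member is zoned but not logged in
        }
    }

    foreach ($z in $zones) {
        $findings = @()
        # Compare the site prefix of the initiator alias with that of the target alias.
        $parts = $z.Zone -split '-', 2
        if ($parts.Count -eq 2) {
            $initiatorSite = ($parts[0] -split '_')[0]
            $targetSite    = ($parts[1] -split '_')[0]
            if ($initiatorSite -ne $targetSite) {
                $findings += "cross-site zone: $initiatorSite host zoned to $targetSite target"
            }
        }
        if ($z.Inactive -gt 0) { $findings += "$($z.Inactive) member(s) not logged in" }
        # Assumption: a usable zone shows both the host and the array port as active.
        if ($z.Active -lt 2)   { $findings += 'fewer than two active members' }

        $status = 'OK'
        if ($findings.Count -gt 0) { $status = 'REVIEW' }
        [pscustomobject]@{
            Zone     = $z.Zone
            Vsan     = $z.Vsan
            Status   = $status
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample, modelled on the outputs shown in this post (pwwn values masked as on the page).
$sample = @'
zoneset name ZoneSet01 vsan 10
zone name fl_esx007_001-ca_3par01_011 vsan 10
* fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]
pwwn 50:01:43:80:xx:xx:xx:xx

zone name fl_esx007_001-fl_3par01_011 vsan 10
* fcid 0x8c0000 [pwwn 20:11:00:02:xx:xx:xx:xx]
* fcid 0x8c1999 [pwwn 10:00:ba:4e:xx:xx:xx:xx]
'@ -split "`r?`n"

Test-ActiveZoneset -Lines $sample | Format-Table -AutoSize -Wrap
```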

Docker: Staging Intermediary Containers

Benefits:

– Smaller footprints of exposed containers
– A smaller attack surface leads to fewer vulnerabilities
– Job security, heheh. Nope, this convoluted build process really is part of best-practices
– Lower storage requirements when pruned

Illustration:

  • Linux Host
      Mount points: /go/src/project/
      Comments: Persistent directories to survive containers regeneration
  • Staging Container
      Mount points: /app
      Comments: Container and dependencies are to be destroyed after artifacts are produced
  • Production Container
      Mount points: /bin/project/ /app
      Comments: Copy only artifacts needed into the final image. Exposed at port 80

Sample App:
# Intermediary container section
# Name this compiling container as 'staging'
FROM golang:1.11-alpine AS staging

# Add certs
RUN apk --update add ca-certificates

# Install tools required for project
# Run `docker build --no-cache .` to update dependencies
RUN apk add --no-cache git
RUN go get github.com/golang/dep/cmd/dep

# List project dependencies with Gopkg.toml and Gopkg.lock
# This layer will trigger a rebuild when Gopkg files are updated
COPY Gopkg.lock Gopkg.toml /go/src/project/

# Set working directory as a directory on the host for persistency
WORKDIR /go/src/project/

# Install library dependencies
RUN dep ensure -vendor-only

# Copy all files from current directory into project folder
# This layer will trigger a rebuild if any file is changed in the project directory
COPY . /go/src/project/

# Execute the build (compile) command
RUN go build -o /bin/project

# Final container section: pull a minimalistic 'Alpine' image
FROM alpine

# Update without keeping cache files to save space
RUN apk --no-cache update

# The default Alpine image doesn't have certs - add them
# Alternative: RUN apk add ca-certificates && rm -rf /var/cache/apk/*
COPY --from=staging /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

# Set new working directory
WORKDIR /app

# Copy the compiled binary from the staging image into this Production /app directory
COPY --from=staging /bin/project /app/project

EXPOSE 80
# Run the compiled binary copied above
ENTRYPOINT ["/app/project"]