General posts from the webinterface

Install VMware VAAI support for Synology


In my home lab I’m using Mac Mini’s as ESXi-server and a Synology NAS for storage (besides the SSD’s in de Mac Mini’s itself). The more expensive Synology models support VAAI for VMware. VAAI stands for vStorage APIs for Array Integration and with this support you can offload particular tasks from ESXi to the storage.

To install VMware VAAI support for Synology:

  1. Download the required package
  2. Enable SSH support on the ESXi node
  3. Put the ESXi node into maintenance mode
  4. (Win)SCP transfer the vib to the ESXi hosts /tmp
  5. SSH to the ESXi node, and type in the command:

    esxcli software vib install -v /tmp/esx-nfsplugin.vib –no-sig-check

  6. Reboot the ESXi host

Congratulations. Your ESXi node now has VAAI support.

New Microsoft Linux exam


Microsoft announced a new Linux exam related to Azure, which will be available in March 2018. The exam is given number 70-539 and titled Managing Linux workloads on Azure. The content is yet unknown. This exam can be used to upgrade your MCSA on Linux to MCSE Cloud Platform and Infrastructure. As Azure continues to gain mind and market share, related certifications are becoming increasingly valuable for IT pros.

Cron.weekly issue #100


I have to admit that I’m not the guy who subscribed to newsletters. There are actually a few subscriptions and one of them if the cron.weekly newsletter. It features new Open Source projects, guides & tutorials, news and handy little CLI one-liners. cron.weekly is here for both junior as well as seasoned Linux users. The focus of the newsletter is on technical content. This Sunday, issue #100 was received in my mailbox. I’d like to thank Matthias for all his efforts.

Have a look yourself at cronweekly.com.

Updates to CentOS7


Last week I’ve updated my private web server to CentOS7. The long awaited OpenSSL update was there to implement HTTP/2. My server is used by some friends and running DirectAdmin for administration, so they could manage their e-mail adressen without my intervention. Also noticeable is the switch from SpamAssassin to the newer and faster Rspamd filtering system written in C. PHP is switched from mod_ruid2 to php-fpm (FastCGI) which should also bring some speed improvements. And for most domains, HSTS is mandatory. Big improvements. Todo is implement IPv6 on user (site) level.

Error connecting to the Tower server


If you’re using Ansible Tower on Red Hat 7 or CentOS 7 you might see the yellow-mark on the top right page saying: “Live events: error connecting to the Tower server” or get errors when using the API (And the web-interface is one big graphical API) when adding groups, giving a ‘500’ error. This is a known issue, and you can do the following to step back python’s ssl handling package:

rpm -Uvh --oldpackage http://bo.mirror.garr.it/1/slc/centos/7.1.1503/updates/x86_64/Packages/python-2.7.5-18.el7_1.1.x86_64.rpm \
http://bo.mirror.garr.it/1/slc/centos/7.1.1503/updates/x86_64/Packages/python-devel-2.7.5-18.el7_1.1.x86_64.rpm \

# Once you do that, restart the tower services:

ansible-tower-service restart

Update ESXi to 6.5 update 1


I’m using a standalone Mac Mini with VMware vSphere (ESXi) on it. So for that reason I’m not able to use the update manager to upgrade the host. Last week I’ve upgraded version 6.5 to v6.5 update 1. See this blog for details about how to do that. The one-liner to use via SSH is:

esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-6.5.0-20170702001-standard

After a reboot you should be able to run vSphere 6.5 update 1 (with an upgraded new web=interface on https://<ip>/ui).

In my case I had an error with updating. There seemed to be to less space on the USB stick I’m booting from. The error message wasn’t clear about this. After rebooting the ESX-host and trying again, it gave me this error.

 [Errno 28] No space left on device
       vibs = VMware_locker_tools-light_6.5.0-0.23.5969300
 Please refer to the log file for more details.

The solution was to change the default swap location via the web-interface (Host > Manage > System > Swap from ‘Datastore: none’ to ‘Datastore: LocalSSD’ (LocalSSD is just my name. It can differ in your set-up.

Installing Ansible Tower


When installing Ansible tower on CentOS 7 in my lab environment I noticed some problems during the install. When downloading and running the installer you’ll see these notices:

TASK [preflight : Preflight check - Read in tower version] *****************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "file not found: /var/lib/awx/.tower_version"}



TASK [preflight : Preflight check - Passwords must be defined for a fresh install]
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "Please configure passwords in the inventory file before running setup"}

 to retry, use: --limit @/home/ansible/ansible-tower-setup-3.1.4/install.retry

The fix is easy. Provide passwords in the ‘inventory’ file and restart the installer. It will now configure Ansible for you with all requirements such as Postgres, Supervisord, RabbitMQ and Nginx for you with the provides passwords.

localhost ansible_connection=local





# Needs to be true for fqdns and ip addresses

After the installation, browse to http://hostname, in my case http://ansible1 and you’ll be headed towards the Red Hat Ansible website to request a license. A 10-node license is free and will for your needs for training purposes towards Red Hat Certificate of Expertise in Ansible Automation exam (EX407).

RHEL 7.4 released


Yesterday Red Hat released Red Hat Enterprise Linux (RHEL) 7.4. Amongst others, these are important changes:

  • Docker overlay graph driver with SELinux in enforcing mode is now supported;
  • OpenSSL update (1.0.2k) brings support for ALPN & native HTTP/2;
  • System Security Services Daemon (SSSD) in a container is now fully supported;
  • Identity Management (IdM) server container is available as a Technology Preview;
  • OpenLDAP & Btrfs are deprecated and will be removed in future RHEL major versions.

CentOS builds will be available soon. Time to test and migrate the CentOS 6 DirectAdmin servers to EL7.4 since HTTP/2 is now natively supported in OpenSSL.

Update: CentOS blog about CentOS 7.4.

Ansible slow on CentOS servers


If you’re getting started with Ansible you’ll notice it can be slow on servers running CentOS (or Red Hat). The reason for this is that CentOS systems have Kerberos authentication for SSH enabled by default. If you set GSSAPIAuthentication to no in /etc/ssh/sshd_config then things will speed up. And since you’re editing the configuration file, also set the UseDNS value to nu to save another DNS-lookup. You shot notice Ansible isn’t as slow as before.

You can also set this configuration for the Ansible user in the ~/.ssh/config file of the ansible user in case you are using an IPA server and/or Kerberos authentication in your environment.

[ansible@ansible-server ~]$ cat ~/.ssh/config 
Host * 
    GSSAPIAuthentication no



Red Hat Certificate of Expertise training towards RHCA


If you want to pass one of the Red Hat Certificate of Expertise exams without thousands of dollars on the official Red Hat training (and not able to work for a week which will cost you another thousand dollars) then let me introduce the Linux Academy. They provide online courses for these Red Hat CoE exams, were 5 are needed to achieve Red Hat’s highest level of certification: Red Hat Certified Architect.

  • Certificate of Expertise in Ansible Automation
  • Certificate of Expertise in Server Hardening
  • Certificate of Expertise in Containerized Application Development
  • Certificate of Expertise in Platform-as-a-Service (soon)
  • Certificate of Expertise in Configuration Management (soon)
  • Red Hat Certified Systems Administrator in OpenStack
  • Red Hat Certified Systems Engineer in OpenStack

Pricing is around $230 yearly which is very reasonable. You can get a 7-days trial directly but I hate ‘trials’ where it’s mandatory to provide payment details. However: you can get a free 60-day access voucher at Microsoft Visual Studio Dev Essentials. And as a bonus you’ll get a discount when subscribing afterwards. You don’t have access to the provided cloud servers and Hands on Labs in the trial but if gives you access to the training material and video’s so you’ll see the $199/year is absolutely worth it!

And if you want to thank Microsoft, consider becoming MCSA in Linux. Yes. It does exist. Microsoft loves Linux.

Red Hat goes hyperconverged


Last month, Red Hat announced Hyperconverged Infrastructure 1.0. This initial release is based on proven products like GlutserFS for storage, Ansible for provisioning, Cloudforms for orchestration and self-service and RHEV as virtualisation engine. The product will be sold as a single SKU. Red hat seems to aim at RoBo as customer target. Let’s see what this will bring us…

Fedora 26 released


The Fedora Project, sponsored by Red Hat, releases version 26 of their operating system. In the past I was an active desktop user. The OS offers latest-and-greatest with 6-months release cycle and 18 months life-cycle. More important: Fedora releases are the base of Red Hat Enterprise LInux releases, which are the base of CentOS releases. And that’s why I mention this Fedora release in particular. Since Red Hat is busy releasing v7.4 of her Enterprise Linux, I guess engineers are also looking at the horizon to work on RHEL 8.0. I’m not the only one with this view. Fedora 26 could be the foundation of this OS. So let’s compare RHEL 7 with Fedora 26.

So what’s new in Fedora 26 compared to RHEL7:

  • Yum is gone. Welcome DNF. In Fedora 26, DNF is rebased to v2.x;
  • Anaconda had a new partitioner tool, including support for this provisioned LVM;
  • Python is v3.6 by default. So all scripts are rebased from v2.x to v3.x;
  • The old GCC6 compiler is gone. Welcome GCC7;
  • Better (local) caching of users and groups using SSSD. A must for enterprises;
  • OpenSSL 1.1.0. Which is required to support HTTP/2 (ALPN support);

So yes. I’m definitely going to test-drive Fedora 26 and gain hands-on experience with some features like DNF and HTTP/2 which is much, much faster for SSL-secured websites, which is more common these days due to the Let’s Encrypt initiative.

If Fedora 26 will be the base for RHEL 8… I’m not sure. One of the open issues for a new Enterprise-graded Linux is Long Term Support. And the file-system is changing every RHEL-version. Was it ext3 in RHEL5, it became ext4 in RHEL6, which became xfs in RHEL7. Many out there hope that ZFS will come to Linux but licensing does not allow binaries to be distributed. Btrfs is a good alternative candidate, in particular the checksumming function which is missing in XFS but Red Hat is deprecating btrfs in RHEL7.4. A good candidate would be bcachefs. Tools for this storage type will be made available in Fedora 28, released mid 2018.

Go to Top