I am honored to have been chosen as a finalist for the 2021 IT Blog Awards selected by Cisco Systems. This is my first time with such and needless to say I’m a little excited about it. As a finalist koolaid.info will be put onto the ballot for all those who wish to vote (Vote Here!), with separate categories for blogs and podcasts. If you wish to vote you may do so now until voting closes on Friday, February 18th.
Pictured here is the entrance, five years ago, to the Customer Appreciation Event on the last night of Cisco Live US 2013. This was my first CiscoLive and first tech conference at all. I was exhausted from all I’d learned and excited by all the new people I’d met. The conference was in Orlando, FL that year and the CAE was held in a portion of Universal Studios theme park. This all comes full circle because this year
- I will once again be attending CiscoLive 2018
- It will once again be held in Orlando, FL
- And the Customer Appreciation Event will be held at THE ENTIRE UNIVERSAL STUDIOS FLORIDA PARK!
Customer Appreciation Event Info
You read that right, for one night only, Cisco customers, employees and other conference attendees will have the whole park to themselves with food, drink, and all that jazz included.While the party itself is from 7:30 to 11:30, attendees will also have non-exclusive access to the Islands of Adventure side of the park starting at 6 so you can get there early, hang out in Diagon Alley and then hop the Hogwarts Express over to the party when the time comes. Can anybody say Geek Overload? Once the party starts all of the attractions will be available to you, rides like Transformers:3D, Harry Potter and the Escape from Gringotts, and Race Through New York Starring Jimmy Fallon just to name a few.
There will also be a “festival style” music line-up to be announced later. Considering Cisco’s recent track record of musical acts (Aerosmith, Maroon 5, Elle King, Bruno Mars) it’s a good guess that those will be great as well.
There are other announcements out now as well. Included in these are the guest keynote speakers. This year it appears Cisco is going all in on the future looking vibe by having Dr. Michio Kaku, and Amy Webb as the Thursday speakers. Dr. Kaku is a renowned theoretical physicist and futurist while Ms. Webb is also a futurist and founder of the Future Today Institute. While I don’t know much about them at the moment I look forward to what they have to say.
Sessions, Labs and Seminars
Finally it looks like the Session catalog has quietly gone live today as well. Here you can begin looking for ideas of sessions you think you will find helpful, but I will tell you it is always my suggestion to pick these for now by the instructors you may really want to be able to interact with. All of these sessions will be available online after the conference so that frees you up to network (socially, not with wires) while you are there.
What you can’t access after the fact is the Labs and Seminars Cisco puts on the weekend prior to the conference itself. These come in 4 or 8 hour flavors and as someone who has attended a couple myself I will tell you they are a very fast way to deep dive into a topic. The catalog of these has been made available as well so you may want to check them out.
One note for those of you that like me that are heavy users of ad blocking in your browser. I noticed that uBlock Origin was keeping the actual list from appearing, you will need to turn it off to see the session catalogs.
As somebody with a small child and thus has spent a good deal of time in the Orlando area 😉 I’ll have some more to share soon in that regard. If you are heading to the show feel free to reach or say hi there! These events are much better when you allow yourself to get out an meet others.
As June is here we are deep into tech conference season already so I find myself behind the curve somewhat with this post, but here we are. I am extremely fortunate to have an employer who understands the value of attending Tech Conferences for IT Professionals and I’ve been able to attend at least one each year since 2014; going back and forth between CiscoLive and VMworld with a sprinkling of VeeamON and more local events such as vBrisket and VMUGs for good measure. As a “Hyper-Converged Admin” my choice of which “biggie” conference is done each year by looking at where my projects land; last year was CiscoLive due to a lot of Voice and Security Projects, this year VMworld due to lots of updates coming down the pike there and a potential VDI project.
The problem when you have a conference with north of 25,000 attendees is that you are limited in where you put these on. While Cisco does tend to move around some, VMworld has typically either been in San Francisco or Las Vegas. With the Moscone Center closed again this year for renovation we find pretty much all of the big guys are back in Las Vegas, with both CiscoLive and VMworld at Mandalay Bay once again as well as AWS re:Invent and Dell/EMC World in town this year as well. If you haven’t been to one of these Tech Conferences before or to Las Vegas both can be both exciting and overwhelming, but with a little help from others and some decent tips neither are that big of a deal.
Las Vegas Basics
So for a small town guy like me Las Vegas is very cool town, but tiring. The common thread I feel and have heard others voice as well is that Las Vegas is deceptively large because all of the hotels on the strip are so massive. While you can see from your Mandalay Bay window that New York New York is just the next block, it is probably about a mile away if walking there. Why this is important is that if you look at the list of hotels on each conference’s list you’ll see lots of options, but getting to that 8AM session may require a 30+ minute walk or even longer shuttle ride if you chose to stay at the Cosmopolitan (my personal favorite of all Las Vegas hotels but prohibitively far away). Couple that with temperatures in the triple digits during summer and proximity becomes more important.
So the first tip for any of these conferences is get a hotel as close as possible. For CiscoLive and VMworld keep in mind that you can move freely between the Mandalay Bay, Delano the Luxor and the Conference Center without ever stepping foot outside. I would highly recommend trying to be in one of these. If you are booking late and the conference is out of rooms it’s worth trying to book directly through the hotel as they don’t let the events have the whole place. That said you are still going to be in for a hike. For example I stayed in the Mandalay Bay last year and it was approximately 1800 steps from my room to the entrance to conference.
Many of the vendor types that seemingly live their lives at these types of events like to opt for either the nearby Marriott Courtyard Las Vegas South or the Holiday Inn at Desert Club Resort for those that like a kitchen. From either of these you’re a quick Uber or Lyft away from the Conference Center entrance but don’t have to deal with the hustle and bustle of staying on the Strip if you don’t want to.
Speaking of Uber and Lyft, getting around with out walking is a bit of a consideration as well, both for the daily commute as well as for the various events. Traffic in the afternoons into the early morning is pretty impressive on the actual strip so to be honest I’ve not heard good things about trying to rely on the conference shuttles when available. Further I’ve heard many complaints from those who are locals that drive in and try to find parking.
Where that leaves you is 1) ride sharing service, 2) using the monorails, or 3) walking. Uber is nice because they are pretty knowledgeable about routing you around traffic regardless of time of day. Keep in mind when it comes to this and Mandalay Bay there are actually two defined Uber pickup/drop off spots, one outside of the conference center and another around the valet area underneath the hotel drop off area. These are impressively far apart so be sure you know where you want picked up before you request a ride.
The monorails are also nice but short. For those of you going to CLUS this is a good way to get to the Customer Appreciation Event as it will drop you off close to the T-mobile Arena.
Finally walking is a decent option, especially after dark for the various vendor events, but I do recommend if you are going to do it find a buddy or 3 or 4. I’ve never personally seen violence on the strip but you hear about it and there are lots of “character buskers” dressed like everything from Michael Jackson to Spongebob that will harass you.
One final note, while first impressions are important there really isn’t any point to being that person in the fancy shoes unless you’ve got booth duty. I typically while go buy a new pair of good running shoes a week or two before the conference so I can break them in and then that’s what I wear. If you are a step tracker kind of person like me expect 20,000 and up each day so take care of your feet.
Things To Do
Seriously, there’s plenty to do even if you weren’t at a conference already providing lots to do. Regardless of your interest if the conference doesn’t have you jam-packed enough you can find something you like here.
If you are new to IT or are just starting to get your name out there the most important things to do outside of the sessions is to get out there and be social. Both of the conferences we are talking about here have a great community that surround it with some wonderful people in it. The first step if you aren’t already would be to get yourself on twitter and follow the hashtag stream for your event (#CLUS for CiscoLive US, #VMworld for VMworld) , not only while you are there but before especially as many outside events will be planned then. Be sure to find the social area for your given conference and go make friends. Outside of the standard conference hours you’ll find that many of the Vendors will have events planned for attendees. If you have partners or vendors you work heavily with its worth asking your SE if they are doing anything.
CiscoLive will be held this year June 25-29th and promises to be a great show once again. While I have really enjoyed all of the conferences I’ve attended CLUS was my first and near to my heart. First off of all those I’ve been to this one feels more academic than others. There aren’t really as many softball sessions and the sessions are a bigger part of the focus for the event than other. That said, they do a very good job of supporting the social community by having a Social Media Hub right in the middle of it all with special events for the twitterazzi most days. I highly recommend showing up and if nothing else walking up and just introducing yourself, trust me, you’ll fit right in there somewhere especially if you bring a Kilt. 😉 If you can come in early on Sunday the annual Tweetup Sunday afternoon is always a good time to make friends.
If you are going to CiscoLive you should have at this point booked most of your sessions. A couple of points here. First do not overbook yourself on sessions. While the pressure is always there to make sure you are getting all the education out of it as possible every session these days is recorded and can be watched later. My decision on if I’m going to do a particular session is based on if the subject is directly related to something that’s got me stumped and I want the opportunity to touch base with the speaker. Past that I’ll watch most after the fact. A better use of your time is getting out and networking, soaking up some of the distributed information there and will in many cases serve as a resource after the fact. I’ve yet to leave an event and not come home to do some kind of redesign based on things I’ve learned from the community.
A highlight for anybody who’s been to CLUS is always the Customer Appreciation Event. This year Bruno Mars will take over the T-mobile Arena and I am legitimately bummed that I will be missing it. The celebrity keynotes are always very good as well and usually provide a different view on how technology interacts with the world. I truly enjoyed listening to Kevin Spacey last year and this year they’ve booked Bryan Cranston.
Regarding keynotes, I typically like watch these in the social areas rather than packing myself into the keynote halls. The seating is better, there’s fewer people and usually refreshments are close at hand, plus you can find a surface to put your computer/iPad on to take notes and/or live tweet the talk.
As much as the focus on CiscoLive is on the direct educational benefit the focus from VMworld is more on learning from the community. With the conference officially running from August 27-31 there just as many official conference sessions as there are at CiscoLive, but I find there to be more lower level, marketing style sessions at VMworld. What makes up for it though is any number of community learning opportunities surrounding it. If you can swing coming in either Saturday or very early Sunday the vBrownbag/VMunderground Opening Acts is always a great place to learn about what is coming next in virtualization and technology. Speaking of vBrownBag, these guys have a stage running concurrent to the conference with session about anything you can conceive of all week long. Historically the vBrownBag stage has been found in the Hang Space (VMworld for social media area) but this year is still to be determined.
Another thing you’ll find is the potential to have your evenings books is exceptionally high with multiple vendor events every single night, traditionally starting with vBeers on Saturday evening. At some point as we get closer to the conference VMworld will fill a website with information and registration links for many of the gatherings to make scheduling easy. The Veeam, VMunderground and vExpert/VCDX/VMUG parties are always the most talked about. There is also the annual VMworld Party with typically big name acts but at the time of this writing there really isn’t any information about this yet. Be sure to follow along online and on social media to find out soon enough.
With all that being said, just go enjoy yourself as you are meant to do. There’s a reason that Denise Fishburne refers to CiscoLive as “Geek Summer Camp” because it does feel that way, regardless of the conference you’re attending. Everybody does things their own way. As I’ll be attending VMworld this year if you are there and want to say hi feel free to reach out and find me on twitter @k00laidIT.
Each year many of the major companies in the tech industry allow people to be nominated, by themselves or by others, to be recognized for the contributions to the community that surrounds that company’s products. These people are typically active on social media, in both online and in person forums and user groups and often will write blogs about their experiences with the products. In return for what is essentially free, grass-roots type marketing the companies will provide awardees any number of benefits; access to licenses for products for homelabbing as well as sometimes access to engineers, preferred experiences at conferences, NDA level information, etc but in some cases the biggest benefit is the recognition itself.
As of today (November 10, 2016) two of the bigger and in my opinion one of the best programs are all open for nominations.
|Nominations Accepted until 12/16
|Nominations Accepted until 12/9
I’m honored to be both a vExpert and a Veeam Vanguard and like to think of myself as an honorary Cisco Champion (they can’t accept government employees) so I have some experience with each of these programs. Let’s take a look at all three.
VMware vExpert may not necessarily be the oldest influencers program but it is probably the one socially active technical people know except possibly the Microsoft MVP program. In many ways vExpert is not only an honorary of its own right but a launch pad towards acceptance into other programs. vExperts are as far as I know the largest such group with around 1500 members world-wide, it also boasts some really good benefits not only from VMware but from other companies in the virtualization ecosphere. There are many webinars and meet and greets throughout the calendar year which are either vExpert only or vExpert preferred and the vExpert party at VMworld is well-known as one of the best. The distinction I make most about vExpert is that while it is for and by VMware, some years much of the educational focus is on the ecosphere and community that surrounds it.
The vExpert program offers 4 paths to membership. The one most are in is the Evangelist path. These may be customers, partners or VMware employees themselves, but they are people speaking the good word of VMware. There are also specific paths for Partners and Customers but I don’t know that I’ve ever met anyone who was awarded in those tracks. Finally if you have achieved the highest level of VMware certification, VCDX, you automatically are awarded vExpert status.
Cisco Champions contrasts from vExpert most because it is a self-contained program with all the educational opportunities and benefits being from Cisco Systems itself. With the Champions there aren’t so many of the freebies with the notable exception of some nice perks if you attend CiscoLive, but what they do offer is exposure of your personal brand. Between the weekly Cisco Champions Radio podcast and the regularly featured blogs on Cisco’s website if you are working to make a name for yourself in the industry for whatever reason it is a very good program for that. Further Cisco gives you access to developers and program managers within the company so that you can not only gain greater understanding of the products but in many cases have the opportunity to weigh in on technology decisions during the development process.
Cisco breaks their program down into business segments in regards to your qualification for the program with tracks in Collaboration, Data Center, Enterprise Networks, IoT, and Security. If you have expertise in any of these by all means apply.
In my mind I’m saving the best for last. The Veeam Vanguard program opened its nominations up today for its 3rd year and I’ve been honored to have awarded each year (so far). It is by far the most exclusive; there are currently only 50 members worldwide and I believe the philosophy is to keep it on the small side with only people who truly understand what the company is about. There are a lot of swag type benefits to the Vanguard to be sure, most noticeably something really special that revolves around their VeeamON conference (NOLA this year baby!), but to be honest what I most get out of the program is the distributed brain of not only the Veeam employees affiliated with the group but the group itself. On a daily basis it seems sometimes somebody’s technology issues, Veeam related or not, are being sorted out through Vanguard communication methods. Long story short, in the Vanguard program they simply take care of you and I’m happy to call all of them not just my peers but friends.
Because Veeam is a much tighter set of products than the other two there aren’t any official tracks within the program. That said they are very good about selecting members who affiliate themselves with each of the hypervisor companies they support, VMware’s vSphere and Microsoft’s Hyper-V. This diversity is part of what makes the discussions between us so good.
Over the course of the past week I’ve heard various people talking about strategies regarding getting awarded to any number of these. I’m not going to do this one so I can focus on that one and so forth, and honestly all I can recommend to you if you are interested in applying to any of them is look at where your focus is or where you focus should be and apply. There is no thing that says “you belong to too many programs” or anything like that; if you feel you are qualified for any of these or any other by all means go apply. The name of the game is to grow your involvement with the technology community, regardless of what type of technology it is.
Here at This Old Datacenter we’ve recently made the migration to using Cisco UCS for our production compute resources. UCS offers a great number of opportunity for system administrators, both in deployment as well as on going maintenance, making updating the physical as manageable as we virtualization admins are getting used to with the virtualized layer of the DC. Of course like any other deployment there is always going to be that one “oh yeah, that” moment. In my case after I had my servers up I realized I needed another virtual NIC, or vNIC in UCS world. This shouldn’t be a big deal because a big part of what UCS does for you is it abstracts the hardware configuration away from the actual hardware.
For those more familiar with standard server infrastructure, instead of having any number of physical NIC in the back of the host for specific uses (iSCSI, VM traffic, specialized networking, etc) you have a smaller number of connections as part of the Fabric Interconnect to the blade chassis that are logically split to provide networking to the individual blades. These Fabric Interconnects (FI) not only have multiple very high-speed connections (10 or 40 GbE) but each chassis typically will have multiple FI to provide redundancy throughout the design. All this being said, here’s a very basic design utilizing a UCS Mini setup with Nexus 3000 switches and a copper connected storage array:
So are you starting to thing this is a UCS geeksplainer? No, no my good person, this is actually the story of a fairly annoying hiccup when it comes to the relationship between UCS and VMware’s ESXi. You see while adding a vNIC should be as simple as create your vNICs in the Server Profile, reboot the effected blades and new NIC(s) are shown as available within ESXi, it of course is not that simple. What happens in reality when you add new NICs to an existing Physical NIC to vSwitch layout is that the relationships are shuffled. So for example if you started with a vNIC (shown as vmnicX in ESXi), vSwitch layout that looks like this to start with
After you add NICs and reboot it looks like this
Notice the vmnic to MAC address relationship in the 2. So while all the moving pieces are still there different physical devices map to different vSwitches than as designed. This really matters when you think about all the differences that usually exist in the VLAN design that underlay networking in an ESXi setup. In this example vSwitch0 handles management traffic, HQProd-vDS handles all the VM traffic (so just trunked VLANS) and vSwitch1 handles iSCSI traffic. Especially when things like iSCSI that require specialized networking setup are involved does this become a nightmare; frankly I couldn’t imagine having to do this will a more complex design.
So I’m sure you are sitting here like I was thinking “I’ll call support and they will have some magic that with either a)fix this, b) prevent it from happening in the future, or preferably c) both. Well, not so much. The answer from both VMware and Cisco support is to figure out which NICs should be assigned to which vSwitch by reviewing the MAC to vNIC assignment in UCS Manager as shown and then manually manage the vSwitch Uplink assignment for each host.
As you may be thinking, yes this is a pain in the you know what. I only had to do this with 4 hosts, I don’t want to think about what this looks like in a bigger environment. Further, as best I can get answers from either TAC or VMware support there is no way to make this go better in the future; this was not an issue with my UCS setup, this is just the way it is. I would love it if some of my “Automate All The Things!!!” crew could share a counterpoint to this on how to automate your way out of this but I haven’t found it yet. Do you have a better idea? Feel free to share it in the comments or tweet me @k00laidIT.
Ahh, that time of year when geeks pull that long forgotten blog site out of the closet, dust it of and make promises of love and content: #vDM30in30. If you aren’t familiar with the idea, vDM30in30 is short for Virtual Design Master 30 blog posts in 30 days, an idea championed by Eric Wright of discoposse fame to get bloggers out there to work their way through regular generation of content. As you can see from this site new content is pretty rare so something like this is a welcome excuse to focus and get some stuff out there. vDM30in30 runs through the month of November and the best way to follow along with the content is to track the hashtag on twitter.
So What’s the Plan?
I’m a planner by nature so if I don’t at least have a general idea this isn’t going to work at all. The good news is I’ve got quite a few posts that I’ve been meaning to work on for some time so I’m going to be cleaning out my closet this week and get those out there. So the full schedule is going to look like this:
- Week of Nov 1: random posts I’ve never quite finished but need to be released
- Week of Nov 7: focus on all the new hotness coming from Veeam Software
- Week of Nov 14: VMware’s upcoming vSphere 6.5 release
- Week of Nov 21: randomness about community, career and navel gazing in general
I’m really looking forward to participating this year as I do believe that a lot of growth comes from successfully forming out thoughts and putting them down. Hope you find some of this hopeful, if there is anything you’d like to see in the space feel free to comment.
The following post is something I wrote as an in-house primer for our help desk staff. While it a bit down level from a lot of the content here I find more and more the picking and reliably going with a troubleshooting methodology is somewhat of a lost art. If you are just getting started in networking or are troubleshooting connectivity issues at your home or SMB this would be a great place to start.
We often get issues which are reported as application issues but end up being network related. There are a number steps and logical thought processes that can make dealing with even the most difficult network issues easy to troubleshoot. The purpose of this post is to outline many of the basic steps of troubleshooting network issues, past that it’s time to reach out and ask for assistance.
Understand the basics of OSI model based troubleshooting
The conceptual idea of how a network operates within a single node (computer, smartphone, printer, etc.) is defined by something called the OSI reference model. The OSI model breaks down the operations of a network into 7 layers, each of which is reliant on success at the layers below it (inbound traffic) and above it (outbound traffic). The layers (with some corresponding protocols you’ll recognize) are:
7. Application: app needs to send/receive something (HTTP, HTTPS, FTP, anything that the user touches and begins/ends network transmission)
6. Presentation: formatting & encryption (VPN and DNS host names)
5. Session: interhost communication (nothing to see here:))
4. Transport: end to end negotiations, reliability (the age old TCP vs. UDP debate)
3. Network: path and logical addressing (IP addresses & routing)
2. Data Link: physical addressing (MAC addresses & switches)
1. Physical: physical connectivity (Is it plugged in?)
The image below is a great cheat card for keeping these somewhat clear:
How OSI is used today is as a template for how to understand and thus troubleshoot networking issues. The best way to troubleshoot any IT problem that has the potential to have a network issue is from the bottom of the stack upwards. Here are a few basic steps to get you going with troubleshooting.
Is it plugged in?
This may seem like a smart ass answer, but many times this is just the case. Somebody’s unplugged the cable or the clip has broken off the Cat6 cable and every time somebody touches the desk it wiggles out. Most of the time you will have some form of a light to tell you that you have both connectivity to the network (usually green) and are transmitting on the network (usually orange).
This troubleshooting represents layer 1 troubleshooting.
Is the network interface enabled?
So the cable is in and maybe you’ve tried to plug the same cable from the wall into multiple devices; you get link lights on other devices but no love on the device you need. This may represent a Data Link issue where the Network Interface Card (NIC) has been disabled in the OS. From the client standpoint this would be within Windows or Mac OSX or whatever, on the other side it’s possible the physical interface on the switch that represents the other end of the wire may be disabled. Check out the OS first and then reach out to your network guy to check the switch if need be.
Can the user ping it?
Moving up to the Network layer, the next step is to test if the user can ping the device which they are having an issue with. Have the user bring up a command prompt and ping the IP address of the far end device.
Can you ping it?
By the very nature of you being an awesomesauce IT person you are going to have more ability to test than the user. To start with, see if you can ping it from your workstation. This will rule out user error and potentially any number of other issues as well. Next if you can’t, are you on the same subnet/VLAN as the device you are trying to access? If not try to access a device in the same subnet as the endpoint device you are testing and ping it from there. That may give you some insight into having issues with default gateway configuration or underlying routing (aka Layer 3) issues.
Can you ping it by name?
Let’s say you can ping it by IP address from all of the above. If the user is trying to access something by name, say server1.foo.com have them ping that as well. It’s possible that while the lower three layers of the stack are operating well, something has gone awry with DNS or other forms of naming that happen at the Presentation layer.
Application firewalls and the like
Finally we’ve reached the top of the stack and we need to take a look at the individual applications. So far you’ve verified that the cable’s plugged in, the NICs on both sides are enabled and you can ping between the user and the far device by both IP and hostname but still the application won’t work so now’s when we look at the actual application and immediately start rebooting things.
Just kidding 🙂 No now we need to look at services that are being present to the network. If we are troubleshooting an e-mail issue is the services running on the server and can we connect to it. When talking about TCP/IP-based traffic (meaning all traffic) all application layer traffic occurs over either a TCP or UDP protocol port. This isn’t something you physically plug-in, but rather it is a logical slot that an application is known to talk on, kind of like a CB radio channel. For example SMTP typically runs on TCP port 25, FTP 21, printing usually on 9100. If you are troubleshooting an e-mail issue bring up a command prompt and try to connect to the device via telnet like “telnet server1.foo.com 25.” If the SMTP server is running on that port at the far end then it will answer, if not the connection will time out.
Call in reinforcements
If you’ve got this far it’s going to take a combination of multiple brains and probably some application owners/vendors to unwrangle the mess those crazy users have made. Reach out to your network and application teams or call in vendor support at this point.
Network troubleshooting isn’t hard, you just have to know where to start.
As 2016 moves into April we find ourselves ready to go into the conference season once again. For the past couple of years I’ve been to VMworld because that is where my work has had me focused, but for the same reason I will be heading the Cisco Live in Las Vegas, NV this year. The event will be held at the Mandalay Bay Resort July 10-14. Yes it will be hot, but let’s be honest you are going to be inside most of the time. This is the 2nd time I’ve attended Cisco Live US (you may see it referred to as #CLUS quite a bit) and if this is anything like the last time it’s going to be great. I have been particularly impressed with the content they make available and the community that has grown around it.
What to do
The first and foremost thing you should check out at Cisco Live is the always excellent sessions throughout the conference. If you are new to conferences this is actually something to consider sooner than later; the session catalog is currently up and the scheduler will open on May 3. I recommend that if you have any particular sessions or focus you are looking at with this trip go ahead and have a list done early and then be ready on the 5/3, many popular sessions will fill up quickly and nobody wants to wait in the overflow line. 😉
To be honest if you just look at the scope of topics covered in the session list it is a bit overwhelming. While I’m no grizzled veteran of conferences by any means what I’ve found best is to pick a focus or two and then start there. For example this year we have a big focus on upgrading our edge security and our production datacenter to include Cisco UCS solutions. What sessions I pick will almost entirely be from either the Security and Datacenter & Virtualization tracks to support those goals. Keep in mind all of these sessions will be available to you online after the fact so keep in mind the people giving them as well.
If you have never been to one of the major tech conferences (20k attendees and up) there is never really a shortage of things to do, ranging from the educational to the social to just straight fun. Cisco Live is in my opinion a great event with a better than most mix of content and social, the highlight of which is the Customer Appreciation Event. The CAE this year will be held at the T-Mobile Arena and features concerts with Maroon 5 and Elle King. I saw Maroon 5 in a very cold field a couple of years ago and they are a pretty good show and I’ve really liked what I’ve heard from Elle King on the radio.
Besides the concert event there will be no shortage of things to do if you are socially inclined. Besides the mixers each evening there are a wide array of events from different vendors in the Cisco ecosystem each evening. Many of these are by invite only so now would be an appropriate time to be reaching out to Account Execs you have at the various vendors and see if they are doing anything there.
This will be my 6 tech conference in 4 years and while the content of the sessions is great and extremely helpful like I mentioned above all of that content is available online, 24/7/365 after the conference. What is not is the ability to meet and have conversations with some of the best minds of our chosen field. My very first major conference was CLUS 2013 in Orlando, FL and as I got myself out of my shell and started to meet people I was frankly floored by the combined brain power in such a small area. The way I’ve often put this to people is that the entire state of West Virginia, where I am from, has a total of 3 CCIEs in it. While this is not a normal demographic, there are only 50,000 some worldwide. At one point that first year I found myself sitting in a discussion where out of 20 people I was the only person NOT a CCIE and really it is amazing what you can absorb in the social settings at Cisco Live. If you are willing to put yourself out there and not be the cave-dwelling geek many of us are naturally drawn to be you will find a community of people who will readily accept you in.
So how do I find such social people and befriend them? Well fear not there are plenty of ways. To start with if you are just starting out in your tech career the very first advice is to get yourself on twitter if you haven’t already. I literally setup my twitter account walking down the main concourse of CLUS 4 years ago and it has presented no end of enjoyment, help and opportunity since. Once you have said account head on over to Tom Hollingsworth’s site and sign yourself up for the annual twitter list.
Now that you are in the social mood right off the bat one of the first places I will be locating is the Social Media Hub. This is pretty much the main congregation area for the socials types. At some point in the early evening Sunday there will be an opening Tweetup there, if you attend be sure to say hi!
If you are interested in going yourself but haven’t registered yet you can do so on the Cisco Live 2016 website.
I’ve been a long time user of RANCID for change management on network devices but frankly it’s always left me feeling a little bit of a pain to use and not particularly modern. I recently decided it was time for my OpenNMS/RANCID server to be rebuilt, moving OpenNMS up to a CentOS 7 installation and in doing so thought it was time to start looking around for an network device configuration management alternative. As is many times the way in the SMB space, this isn’t a task that actual budgetary dollars are going to go towards so off to Open Source land I went! rConfig immediately caught my eye, looking to me like RANCID’s hipper, younger brother what with its built in web GUI (through which you can actually add your devices), scheduled tasks that don’t require you to manually edit cron, etc. The fact that rConfig specifically targets CentOS as its underlaying OS was just a whole other layer of awesomesauce on top of everything else.
While rConfig’s website has a couple of really nice guides once you create a site login and use it, much to my dismay I found that they hadn’t been updated for CentOS 7 and while working through them I found that there are actually some pretty significant differences that effect the setup of rConfig. Some difference of minor (no more iptables, it’s firewalld) but it seems httpd has had a bit of an overhaul. Luckily I was not walking the virgin trail and through some trial, error and most importantly google I’ve now got my system up and running. In this post I’m going to walk through the process of setting up rConfig on a CentOS minimal install with network connectivity with hopes that 1) it may help you, the two reader’s I’ve got, and 2) when I inevitably have to do this again I’ll have documentation at hand.
Before we get into it I will say there are few artistic licenses I’ve taken with rConfig’s basic setup.
- I’ll be skipping over the network configuration portion of the basic setup guide. CentOS7 has done a great job of having a single configuration screen at install where you setup your networking among other things.
- The system is designed to run on MySQL but for a variety of reasons I prefer MariaDB. The portions of the creator’s config guide that deal with these components are different from what you see here but will work just fine if you do them they way described.
- I’m virtualized kind of guy so I’ll be installing the newly supported open-vm-tools as part of the config guide. Of course, if you aren’t installing on ESXi you won’t be needing these.
- Finally before proceeding please be sure to go ahead and run a yum update to make sure everything’s up to date and you really do have connectivity.
Even with the minimal installation there are things you need to stop to make things work nice, namely the security measures. If you are installing this in the will this would be a serious no no, but for a smaller shop behind a well configured firewall it should be ok.
Once in the file you need to change the “SELINUX=enforcing ” line to “SELINUX=disabled “. To do that hit “i” and then use vi like notepad with the arrow keys. When done hit Esc to exit insert mode and “:wq ” to save and exit.
systemctl disable firewalld.service systemctl stop firewalld.service
Installing the Prerequisites
Since we did the minimal install there are lots of things we need to install. If you are root on the box you should be able to just cut and paste the following into the cli and everything gets installed. As mentioned in the original Basic Config Guide, you will probably want to cut and past each line to make sure everything gets installed smoothly.
yum install -y wget mlocate attr open-vm-tools yum -y install httpd openssl-devel openssl mod_ssl vsftpd yum -y groupinstall 'Development Tools' yum -y install telnet bind-utils yum -y install vixie-cron crontabs yum -y install mariadb-client mariadb-server mod_authn_dbd mariadb-devel
Now that we’ve installed all that stuff it does us no good if it isn’t running. CentOS 6 used the command chkconfig on|off to control service autostart. In CentOS 7 all service manipulation is now done under the systemctl command. Don’t worry too much, if you use chkconfig or service start both at this point will still alias to the correct commands.
systemctl enable ntpd.service systemctl start ntpd.service systemctl enable httpd.service systemctl start httpd.service systemctl enable mysqld.service systemctl start mysqld.service systemctl enable vsftpd.service systemctl start vsftpd.service systemctl enable crond.service systemctl start crond.service
Finalize Disable of SELinux
One of the hard parts for me was getting the step 5/6 in the build guide to work correctly. If you don’t do it the install won’t complete, but it also doesn’t work right out of the box. To fix this the first line in prerequisites installs the attr package which contains the setfattr executable. Once that’s installed the following checks to see if the ‘.’ is still in the root directories ACLs and removes it from the /home directory. By all means if you know of a better way to accomplish this (I thought of putting the install in the /opt directory) please let me know in the comments or on twitter.
cd / ll | grep home **output** drwxr-xr-x. 2 root root 4096 Sep 23 2011 home find /home -print0 | xargs -0 -n 1 sudo setfattr -h -x security.selinux
MySQL Secure Installation on MariaDB
MariaDB accepts any commands you would normally use with MySQL. the mysql_secure_installation script is a great way to go from baseline to well secured quickly and is installed by default. The script is designed to
- Set root password
- Remove anonymous users
- Disallow root logon remotely
- Remove test database and access to it
- Finally reload the privilege tables
I tend to take all of the defaults with the exception of I allow root login remotely for easier management. Again, this would be a very bad idea for databases with external access.
#Verify that MariaDB is running systemctl status mariadb.service **output** mariadb.service - MariaDB database server **output** Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled) **output** Active: active (running) since mysql_secure_installation
Then follow the prompts from there.
As a follow up you may want to allow remote access to the database server for management tools such as Navicat or Heidi SQL. To do so enter the following where X.X.X.X is the IP address you will be administering from. Alternatively you can use root@’%’ to allow access from anywhere.
mysql -u root -p ***output*** password: mysql> GRANT ALL ON *.* to root@'X.X.X.X' IDENTIFIED BY 'your-root-password'; mysql> FLUSH PRIVILEGES;
Configure VSFTPd FTP Software
# Install VSFtpd and configure it mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original echo "#Custom rConfig VSFTPD conf file" > /etc/vsftpd/vsftpd.conf; echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf; echo "listen=YES" >> /etc/vsftpd/vsftpd.conf; echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf; echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf; echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf; echo "dirmessage_enable=YES" >> /etc/vsftpd/vsftpd.conf; echo "xferlog_enable=YES" >> /etc/vsftpd/vsftpd.conf; echo "connect_from_port_20=YES" >> /etc/vsftpd/vsftpd.conf; echo "xferlog_std_format=YES" >> /etc/vsftpd/vsftpd.conf; echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf; echo "userlist_enable=YES" >> /etc/vsftpd/vsftpd.conf; echo "tcp_wrappers=YES" >> /etc/vsftpd/vsftpd.conf; echo "idle_session_timeout=600" >> /etc/vsftpd/vsftpd.conf; echo "data_connection_timeout=120" >> /etc/vsftpd/vsftpd.conf; echo "ftpd_banner=Welcome to the FTP Service" >> /etc/vsftpd/vsftpd.conf; echo "ls_recurse_enable=YES" >> /etc/vsftpd/vsftpd.conf; systemctl enable vsftpd.service systemctl start vsftp.service
Now that we’ve got the basics of setting up the OS and the underlying applications out of the way let’s get to the business of setting up rConfig for the first time. First we need to edit the sudoers file to allow the apache account access to various applications. Begin editing the sudoers file with the visudo command, arrow your way to the bottom of the file and enter the following:
apache ALL = (ALL) NOPASSWD: /usr/bin/crontab, /usr/bin/zip, /bin/chmod, /bin/chown, /usr/bin/whoami Defaults:apache !requiretty
First you are going to need to download the rConfig zip file from their website. Unfortunately the website doesn’t seem to work with wget so you will need to download it to a computer with a GUI and then upload it via SFTP to your rConfig server. (ugh) Once the file is uploaded to your /home directory back at your server CLI do the following commands
cd /home unzip rconfig-3.0.3.zip #3.0.3 is the latest version at time of writing, this may differ for you. chown -R apache /home/rconfig
Next we need to copy the the httpd.conf file over to /etc/httpd/conf directory. This is where I had the most issues of all in that the conf file included is for httpd in CentOS 6 and there are some module differences between 6 and 7. Attached here is a modified version that I was able to get working successfully after a bunch of failures. The file found here (httpd.txt) will need to replace the existing httpd.conf before the webapp will successfully start. If the file is copied to the /home/rconfig directory the shell commands would be
mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.original cp /home/rconfig/httpd.txt /etc/httpd/conf/httpd.conf systemctl start httpd.service
As long as the httpd service starts backup up correctly you should now be good to go with the web portion of the installation which is pretty point and click. Again for the sake of brevity just follow along at the rconfig installation guide starting with section rConfig web installation and follow along to the end. We’ll get into setting up devices in a later post, but it is a pretty simple process if you are used to working with networking command lines.
One of my last tasks for 2014 was integrating a new Nimble Storage array into our environment. As this is the first of these I’ve encountered and I haven’t been able to take the free one day Nimble Installation and Operation Professional (NIOP) course they provide I was left to feeling my way through it with great help from their documentation and only ended up calling support to resolve a bug related to upgrading from 2.14 of the Nimble OS. On the network side our datacenter is powered by Cisco Nexus 3000 series switches, also a new addition for us recently. These allowed us to use our existing Cat6 copper infrastructure while increasing our bandwidth to 10 GbE. In this post I’m going to document some of the setup required to meet the best practices outlined in Nimble’s Networking Best Practices Guide when setting up your system with redundant NX-OS switches.
Hi there and welcome to koolaid.info! My name is Jim Jones, a Geek of Many Hats living in West Virginia.
This site was created for the purpose of being a locker full of all the handy things I’ve learned over the years, know I’m going to need again and know I’ll forget. It’s morphed a bit over the years as all things do but still that’s the main purpose. If you’d like to know more about me check out any of the social links at the top left of the site, I’m pretty much an open book.
If you’ve found this page I hope you find it’s contents helpful. Finally, anything written here are solely my views and do not reflect those of my employer.