ZoneType.sh Version 2.0

We just started supporting Solaris 10 in our VMware cluster so I had to update my zone type script to detect if the OS is running there. I’m not sure how I feel about depending on the output of prtdiag since the interface is labeled “unstable”, but it works for now, and I really don’t see Sun changing the first line of output where the system configuration is listed. Anyhow, when issued with the -v or --vmware flag, the script returns 0 if it’s running on the cluster and 1 if it is not.

Usage:

# zonetype.sh -g or --global
Return 0: The machine is a global zone with 1 or more local zones
Return 1: The machine is not a global zone

# zonetype.sh -l or --local
Return 0: The machine is a local zone
Return 1: The machine is not a local zone

# zonetype.sh -v or --vmware
Return 0: The machine is running on a VMware hypervisor
Return 1: The machine is not running in VMware

#!/bin/bash
#
# When issued with the -g or --global flag, this script will return:
# 0 if the machine is a global zone and has one or more local zones.
# Otherwise, it will return 1
#
# When issued with the -l or --local flag, this script will return:
# 0 if it is a local zone and 1 if it is not
#
# When issued with the -v or --vmware flag, this script will return:
# 0 if it is a vmware host and 1 if not.
#

# First column of the zone listing: list[0] is the "ID" header and
# list[1] is the ID of the first zone listed (0 in a global zone).
list=( $(/usr/sbin/zoneadm list -civ | awk '{ print $1 }') )

case "$1" in
    -g|--global)
        # If the third element in our array is null, set it to 0
        if [ "${list[2]}" == "" ]; then
            list[2]=0
        fi
        # This is a global zone only if it has one or more local zones.
        if [ "${list[1]}" -eq 0 ] && [ "${list[2]}" -ge 1 ]; then
            # 0 is returned if we have a global and local zone,
            # otherwise, we return 1
            exit 0
        else
            exit 1
        fi
        ;;
    -l|--local)
        # If the second element in our array is = or > 1, it is a local zone.
        if [ "${list[1]}" -ge 1 ]; then
            # Return 0 if this is a local zone, otherwise return 1.
            exit 0
        else
            exit 1
        fi
        ;;
    -v|--vmware)
        # Don't run our check on local zones... Prtdiag can't run there
        if [ "${list[1]}" != 0 ]; then
            exit 1
        else
            # Fifth word of prtdiag's system configuration line
            vmhost=( $(/usr/sbin/prtdiag | grep System | awk '{ print $5 }') )
            if [ "${vmhost[0]}" == VMware ]; then
                # If the host is running on the vmware cluster return 0,
                # otherwise, return 1
                exit 0
            else
                exit 1
            fi
        fi
        ;;
    *)
        echo "Usage: /local/adm/zonetype.sh {-l | --local | -g | --global | -v | --vmware}"
        exit 1
        ;;
esac

VMware ESX 3.5 ntpdate strangeness

We just noticed that the time was very far off on our sparkly new VMware ESX 3.5 server. When I went to run ntpdate to bring it up to sync, I was surprised to find that it could not make a connection to the time server because outbound UDP 123 traffic was blocked by the internal firewall. Here is what I got:

# /usr/sbin/ntpdate -u time.nist.gov
9 Apr 03:47:53 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
9 Apr 03:47:54 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
9 Apr 03:47:55 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
9 Apr 03:47:56 ntpdate[20245]: sendto(192.43.244.18): Operation not permitted
9 Apr 03:47:57 ntpdate[20245]: no server suitable for synchronization found

Normally I would just add a rule to the “/etc/sysconfig/iptables” file to allow traffic out on this port, but VMware ESX server does not use iptables… It uses its own firewall, so I had to figure out how to change it. Happily, it turns out that there is a handy “esxcfg-firewall” command built just for such things.

Running this:
/usr/sbin/esxcfg-firewall -q | grep 123

12300 1803K valid-tcp-flags  tcp  --  *   *     0.0.0.0/0        0.0.0.0/0

Confirmed that UDP port 123 outbound was disallowed.

Running this opened it up:
/usr/sbin/esxcfg-firewall -e ntpClient

Grep out “123” again just to be sure:
/usr/sbin/esxcfg-firewall -q | grep 123

1  76 ACCEPT  udp  --  *    *    0.0.0.0/0      0.0.0.0/0     udp dpt:123

And you can now run ntpdate to sync up the time:
/usr/sbin/ntpdate -u time.nist.gov

9 Apr 09:52:54 ntpdate[20319]: step time server 192.43.244.18 offset 21689.039217 sec
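
A stricter form of the "grep 123" check, as an added example that is not from the original post: a plain grep for 123 also matches counters such as 12300, so this function looks for an ACCEPT rule with protocol udp and the exact token dpt:123. The function name ntp_rule_state and the two sample lines (modelled on the listing lines quoted above) are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from an iptables-style rule listing whether NTP
# (udp port 123) is accepted, without matching "123" inside packet counters.

# ntp_rule_state reads rule lines on stdin and prints "allowed" if any
# single line has target ACCEPT, protocol udp and the exact token dpt:123;
# otherwise it prints "blocked".
ntp_rule_state() {
    awk '
        {
            accept = 0; udp = 0; port = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "ACCEPT")  accept = 1
                if ($i == "udp")     udp = 1
                # Whole-token comparison: dpt:1234 or a 12300 counter never match.
                if ($i == "dpt:123") port = 1
            }
            if (accept && udp && port) found = 1
        }
        END { print (found ? "allowed" : "blocked") }
    '
}

# Constructed sample input, modelled on the two listing lines shown in the post.
before='12300 1803K valid-tcp-flags  tcp  --  *   *     0.0.0.0/0        0.0.0.0/0'
after='1  76 ACCEPT  udp  --  *    *    0.0.0.0/0      0.0.0.0/0     udp dpt:123'

# Before enabling ntpClient only the tcp line is present.
state_before=$(printf '%s\n' "$before" | ntp_rule_state)
# Afterwards the udp ACCEPT rule appears in the listing as well.
state_after=$(printf '%s\n' "$before" "$after" | ntp_rule_state)

echo "before: $state_before"
echo "after:  $state_after"
```

On the ESX host the live listing can be piped in with /usr/sbin/esxcfg-firewall -q | ntp_rule_state. The check works on individual rule lines only, so it does not say which chain a matching rule belongs to.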

VMware Fusion Evaluation

Since much of my job involves rolling out Linux solutions I’ve been experimenting with VMware Fusion Beta for the Macintosh in my development environment. Given that the product is still in beta, I have very few complaints about its actual stability. Most of the features work reliably as advertised, but there are some basic points of functionality that I feel the software is lacking. More on that later.

First, let’s take a look at exactly what VMware Fusion is. At its core, the package allows the user to create and run virtual machines on the Macintosh. For those who are new to virtualization, it is a way to run multiple virtual computers on one actual computer. The hardware resources are abstracted and shared to the virtual machines through the virtualization software — in this case VMware Fusion. A complete description of virtualization can be found here.

Previous to Fusion, only VMware Player was available to Macintosh users, so it is nice to actually be able to create virtual machines locally. The snapshot feature is also very nice for development purposes since you can instantly roll back to a previous working state should you corrupt the software on the virtual machine.

Perhaps the problem that annoyed me most, however, was the fact that there is no clear way to delete virtual machines from within the software. I actually tried to get rid of one by deleting this folder:

/Volumes/Macintosh HD/Users/myaccount/Documents/Virtual Machines/Mymachine.vmwarevm

But I just ended up breaking the “Virtual Machine Library” application and having to uninstall and reinstall everything from scratch. The process detailing how to delete a virtual machine did not exist anywhere in the VMware Fusion FAQ or documentation as far as I could tell. Granted, it’s beta software, but I would think this should be a core feature of any virtualization product. At least they provide an “Uninstaller” script.

VMware Fusion is a basic piece of software that succeeds in fulfilling the most fundamental of virtualization requirements. If all you want to do is be able to run a virtual machine or two on your Mac, it will most likely work for you. If you are looking to deploy it as part of an enterprise solution, I would suggest letting the product mature a while and using something like Parallels instead.