Does anyone know the password for this database?

Those that I work with know that my first, and primary, job is as a MySQL DBA. Unfortunately, cause I love MySQL, I haven’t been doing as much with it lately because of all the virtualization work going on.

Today I’m going to post about MySQL. Occasionally you may encounter a MySQL server that has been around for a while, and no one knows who set it up, where it came from, or who owns it. Those wonderfully inaccessible databases are still someone’s responsibility. So, what do you do if you don’t know the root password? Well, it’s actually not all that difficult, assuming you can start and stop the instance a few times.

Read moreDoes anyone know the password for this database?

Fedora 8 Suspension

I’ve previously mentioned that I use Fedora 8 on my laptop at home. It is a Core 2 Duo Dell with a GeForceGo 7300. Originally, it had Vista Home Premium, and I really did give Vista a chance (for almost 8 months!!), but I just like linux more. I do still have to go back to Vista on the (extremely) rare occasion I need bluetooth support. For some reason I can’t get the integrated bluetooth modem to work with Fedora. The GeForce Go has caused me nothing but problems. Nvidia’s normal drivers won’t work with the Go series from Dell, I have to get the drivers directly from Dell…and they are flaky.

Anyway, I recently reloaded my laptop and let it update everything to the newest available. Unfortunately, at some point, suspend stopped working. I’m not sure when it was (it applied ~ 300 updates), but it stopped. Well, it didn’t exactly stop working…it still suspends, once, after which the monitor refuses to work. I can still ssh in, and everything seems to be functioning normally, but the monitor doesn’t work. Which makes a laptop very useless.

So, since I’ve reloaded linux a number of times, and it seems each time I forget what I did to fix it, I’m documenting it for myself, and posterity.

Read moreFedora 8 Suspension

Where in !@#%* does the text on tty11 come from?

You know the text I’m talking about…when you walk up to an ESX host and it has the hostname and IP address along with instructions to “press ALT-F1 to open the ESX Server Console, press ALT-F11 to return to this screen”.

Yeah, that text. Where does it come from? It’s not a typical tty…it has a screen saver (if you let it be for a while it’ll go blank). I can’t figure out for the life of me where it’s started, or where it get’s it’s data from…well I found some things…but not where the obviously non-dynamic (text other than ip address, hostname) data comes from.

The point of my looking for how it get’s that data is because we recently changed the IP addresses of all our ESX hosts. The console (and consequentially webAccess) were on a public LAN. For security reasons, we didn’t want this, so we put them on a private LAN. Nothing difficult…took care of the entire process from VI Client (add new console interface, set as primary, remove old console interface). I even went to the trouble (ok, I might have OCD) of physically standing in front of the box and moving the new vswif1 so that it’s named vswif0, just because it was irritating me.

Read moreWhere in !@#%* does the text on tty11 come from?

Command Line Licensing

I discovered that if you set the license server incorrectly, or if it can’t contact the license server, then ESX/VirtualCenter won’t let you change it. ESX seems to want to contact the old server before it will let you change to a new one.

Anyway, by modifying the /etc/vmware/license.cfg file, you can change the license server to what it should be (or just set it to an empty string and use VI Client). After modification, restart the management service:

Remediate this host…

You’re going to update my what?

With the release of ESX 3.5 and VirtualCenter Server 2.5, VMware also released Update Manager. Update Manager is a neat concept…download Windows, windows programs (e.g. firefox, adobe reader, etc), RHEL, and ESX (3.5 only) updates to the update host, then let VirtualCenter Server apply the updates. I can see where the ESX updates would be valuable, however I think any IT department big enough to support a large number of Windows VMs is already going to have a method of deploying updates (i.e., SMS, or whatever you windows admins use). Same for linux shops. So those updates, in my opinion, aren’t as valuable to the enterprise. I do see where small-to-medium businesses, especially those with a very small IT department, would want the advantage of having updates deployed to all VMs via a product they’ve already purchased (ESX) rather than having to buy another MS product (SMS, etc).

ESX is different however. Previously, there was no VMware product (to my knowledge) that allowed for automated update of the ESX hosts. There were some fantastic utilities that were published by the community, but there was no VMware product.

Well, that has changed. Once the Update Manager is installed, you simply tell it to update it’s database and download the updates.

Or is it so simple… What if you are not connected to the internet? What if you are on an isolated network? Well, VMware has what’s called the Update Manager Download Service.

Read moreRemediate this host…

No wireless networks detected…

I use VMware server on my computers at home. Both of my current systems run Fedora 8, kernel 2.6.25.6-27. I say this because on my laptop I couldn’t configure a VM to use bridged network mode when wlan0 was the only active interface.

After a lot of googling, I came across this post. The post is almost entirely in german, however there is an abbreviated version somewhere in the middle in english.

Normally, I wouldn’t go any further than posting a link, however while I was reviewing some links on my del.icio.us account, I clicked the above, and discovered that the site has a tremendous number of errors. This is bad. It usually means that the site is not well maintained and not long for the internet.

Additionally, the patch that’s posted is slightly out of date. So, I’ve created an updated patch, and I’m going to post some instructions in english here.

Read moreNo wireless networks detected…

sudo, let me log you doing something stupid

Allow me to step on my security soap box for a moment. I’ve seen in many places around the internet where bloggers will recommend, and explain how, to enable root to login to the console via ssh. I can not tell you enough how bad this is. An attacker no longer needs to guess two passwords to gain root access to the system, but, rather, only one. It is much, much more secure to disallow root access.

Access to the console operating system of ESX should be limited to the absolute minimum. Only users who absolutely need it, and know what they’re doing, should be able to login. From the console, the user has access to all of the configuration and datafiles for virtual machines. With the built-in tools provided by VMware, administrators can mount vmdk files and gain read/write access to a virtual machine’s hard drive. Additionally, because nearly all aspects of the virtual networking configuration can be changed from the console operating system, anyone with access can gain the ability to see all network traffic traveling to and from virtual machines.

Ok, less words, more action…

Read moresudo, let me log you doing something stupid

Ugh, Active Directory…oh, and ESX integration

I am, by no stretch of the imagination, a windows administrator.  However, I do know a good thing when I see it.  I don’t care for a good number of things Microsoft does (Internet Explorer….), however AD is one of the best things they’ve done, well ever.

Not only can I utilize AD logins for web apps (of any language…php, python, perl, etc), but ESX’s console operating system plays quite nicely with AD as well.

VMware has published a document about how to get it working here.  However, it’s quite easy:

Read moreUgh, Active Directory…oh, and ESX integration