Posts

This Blog Post Is Not For You This blog post is directed towards people who are working with the BOSH vSphere CPI (Cloud Provider Interface), which is not you. There are more interesting things to read. If you want suggestions, try Ulysses by Sir Alfred Lord Tennyson, a poem about an aged hero seeking to recapture his adventures of youth. Challenge: Extending the Size of the Root Disk I’d like to extend the size of the root partition, but it’s a challenge: if I don’t make exactly the correct vSphere API calls, my changes will fail, and the feedback loop is slow (hot-patching a BOSH Director and then running a deploy takes at least 5 minutes each attempt). ...

If you don’t like seeing the “Your connection is not private” or “Warning: Potential Security Risk Ahead” when you browse to your NSX Manager, then you may want to install a TLS certificate from a commercial CA (Certificate Authority). This post tells you how. This NSX manager has a certificate from issued from Sectigo. Note that the padlock in the address bar shows no warning and the certificate’s chain-of-trust can be examined. ...

* If you don’t count the amount of time spent maintaining the on-premise equipment. Abstract My 48-VM (virtual machine) homelab configuration costs me approximately $430/month in hardware, electricity, virtualization software, and internet, but an equivalent configuration on AWS (Amazon Web Services) would cost $1,660/month (almost four times as expensive)! Disclosures: I work for VMware, which sells on-premise virtualization software (i.e. vSphere). I didn’t put a dollar value on the time spent maintaining on-premise because I had a hard time assigning a dollar value. For one thing, I don’t track how much time I spend maintaining my on-premise equipment. For another, I enjoy maintaining on-premise equipment, so it doesn’t feel like work. Shortcomings of On-Premise Time and Effort: Before you leap into on-premise, you need to ask yourself the following, “Am I interested, and do I have the time, to maintain my own infrastructure?” If you like swapping out broken hard drives, troubleshooting failed power supplies, creating VLANs, building firewalls, configuring backups, and flashing BIOS—if you like getting your hands dirty—then on-premise is for you. Only one IPv4 address: This is a big drawback. Who gets the sole IPv4 (73.189.219.4) address’s HTTPS port—the Kubernetes cluster or the Cloud Foundry foundation? In my case, the Cloud Foundry foundation won that battle. On the IPv6 front there’s no scarcity: Xfinity has allocated me 2601:646💯69f0/60 (eight /64 subnets!). Poor upload speed: Although my Xfinity download speed at 1.4 Gbps can rival the cloud VMs’, the anemic 40 Mbps upload speed can’t. I don’t host large files on my on-premise home lab. This may not be a problem if your internet connection has symmetric speeds (e.g. fiber). Scalability: I can’t easily scale up my home lab. For example, my 15 amp outlet won’t support more than what it already has (2 ESXi hosts, 1 TrueNAS ZFS fileserver, two switches, an access point, a printer). Similarly, my modestly-sized San Francisco apartment’s closet doesn’t have room to accommodate additional hardware. Widespread outages: When I upgraded my TrueNAS ZFS fileserver that supports the VMs, I had to power-off every single VM. Only then could I safely upgrade the fileserver. Ground-up Rebuilds: One time I made the mistake of not powering down my 48 VMs before rebooting my fileserver, and I spent a significant portion of my winter break recovering corrupted VMs (re-installing vCenter, rebuilding my Unifi console from scratch). How I Calculated the AWS Costs First, I pulled a list of my VMs and their hardware configuration (number of CPUs (cores), amount of RAM (Random Access Memory)) I used the following govc command: ...

We’re going to set up automated backups for a vCenter which we were forced to rebuild over the winter break because the unexpected reboot of the file server hosting the iSCSI datastore backing the vCenter’s disk drive caused unrecoverable database corruption, and we had no backups. Log into your TrueNAS server via its web interface, e.g. https://nas.nono.io Browse to “Services” Start FTP (by toggling the “Running” slider) and configure it to start automatically Remember to start the FTP service and configure it to start automatically. Once that’s done, you can configure it by clicking on the ✎ icon in the Actions column. ...

Concourse CI/CD (continuous integration/continuous delivery) can create multi-platform Docker images. This blog post describes how. A multi-platform docker image is one that contains “variants for different architectures”. Docker images are often created for a single architecture (“instruction set architecture” or “ISA”), typically Intel’s/AMD’s x86-64, but with the advent of ARM64-based offerings such as AWS’s Graviton and Apple’s M1/M2, It’s becoming more common to build multi-platform images to avoid the heavy emulation performance penalty (typically >10x) when running an image on a different architecture. Multi-platform images enable a developer, for example, to run a container just as fast on their Apple M1 laptop as their GCP (Google Cloud Platform) Kubernetes cluster. ...