Monthly Archives: July 2017

NSX Load Balancer for HTTPS Name-based Virtual Hosting

Few of you know that I use the NSX Load Balancer for name-based virtual hosting in my home lab, as I only have a single public IP address and a few websites that I would like to host. For example, this blog you are reading now is actually hosted behind an NSX LB. Try resolving blog.acepod.com and nsx.acepod.com: they both resolve to the same IP address, i.e. 101.100.182.15, but when you access these URLs, they are actually different web servers. I used to do that with an Apache proxy server, but managing the config was rather painful. Since the NSX Load Balancer is able to achieve that and comes with a nice UI, why not? Of course, the other motivation for using the NSX LB is the benefit to my work; getting to know the NSX LB inside out is always good.

Name-based virtual hosting for HTTP has been working well for me. I always wanted to find out whether it would work for HTTPS. From asking around among my friends, this requirement, i.e. multiple HTTPS websites on the same port 443 and the same IP address, seems possible. I was referred to Server Name Indication.

So let's see whether something like this will work for HTTPS. First I have to find some internal web servers that are able to do HTTPS. I have been using the Turnkey Debian LAMP appliance for my NSX testing, so I will use it in this test.

Before testing HTTPS, let's see HTTP in action first. These are the individual web servers, accessed directly by IP address.

Let's now map dev2.acepod.com and dev3.acepod.com to the same IP address, 192.168.191.36, which has been configured on the NSX ESG as a secondary IP address.

OK, let's now access the web servers using their FQDNs. Great! It works! The NSX LB is now looking at the URL given and pointing it to the right pool.

If you are interested in the script that made this work, here you go.

acl host_app11 hdr(Host) -i dev2.acepod.com
acl host_app12 hdr(Host) -i dev3.acepod.com
use_backend dev2acepod if host_app11
use_backend dev3acepod if host_app12

You will need to use an Application Rule. After you create the Application Rule, you have to attach it to the Virtual Server.

Alright. Let's now get to the goal, which is to test HTTPS. Same test again, now with HTTPS.

I’m going to write a similar application rule, but now it will use different pools. I will name the pools dev2acepod-https and dev3acepod-https.

This is the Application Rule I used for HTTPS.

acl host_app21 hdr(Host) -i dev2.acepod.com
acl host_app22 hdr(Host) -i dev3.acepod.com
use_backend dev2acepod-https if host_app21
use_backend dev3acepod-https if host_app22

Next, create a Virtual Server and attach this Application Rule to it.

The final configuration looks like this.

OK, let's test it out. As you can see, it does not work. The URLs are different, but the traffic still goes to the same pool. It uses the dev2acepod-https pool because I placed it as the default pool.

Let's now take away the default pool and see how it goes.

Cannot even load.

The conclusion is that we have to use different secondary IP addresses for different HTTPS URLs. Then the next question is: why would you use the LB to do this, and why not consider NAT?

The other thought is that maybe the application rule does not work this way. I will have to spend some time researching the right application rule.

[25 July 2017 Update]

Alright, after some researching here, it is the application rule. By changing it to the following, it works!!!

mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }

use_backend dev2acepod-https if { req_ssl_sni -i dev2.acepod.com }
use_backend dev3acepod-https if { req_ssl_sni -i dev3.acepod.com }

vSAN 6.6 All Flash on OVH Private Cloud

Recently I had the opportunity to set up an all-flash vSAN on OVH BMaaS to facilitate a customer NSX POC. I took the chance to run some vSAN throughput tests.

This is the server build that we got from OVH. We selected the Mini-HG and configured it with 3 SSDs. It is physically located in the OVH BHS (Canada) DC.

This was the service we selected. Basically, I used the vRACK service and put vSAN traffic on the 2nd NIC, i.e. the private NIC. But anyway, writing up all the deployment details would be another blog post.

The test was run on a Windows Server 2012 R2 machine with 2 vCPU and 4GB of RAM, using AS SSD Benchmark.

Some details of the vSAN Cluster.

Host details. Basically, all 3 hosts have the same specifications.

Look at the Controllers and Disk.

Some vSAN Monitoring

Project Clarity – Learning to build an Angular JS App

I always wanted to learn more about Angular JS, and I thought Project Clarity would be a great way to start. A couple of months back I tried to install npm; it failed, and I did not bother to look into it, partly because I was busy with other stuff.

Over the last couple of weeks I have been putting vSphere Integrated Containers (VIC) into my lab to prepare myself before going to a customer site for a VIC + NSX POC. I was thinking, since there is a quick way of spinning up containers, why not spin one up to try Clarity? I was also triggered by a Twitter post by Grant Orchard saying that it is very easy to start. I have also been reading Cody's posts on the Amazon Echo and vSphere application that he built using Clarity. Here we go.

I was pointed to https://vmware.github.io/clarity/get-started. If you look below, it's really brief. I already know how to install git, but I have totally no clue about npm.

A little Google research on npm and its Node.js framework. Alright, cool!

So I reckon I need a Linux container to start off with. CentOS, which is closest to RHEL, would be a good bet. That is after I failed with the nimmis/apache-php5 image.

Now I tried the centos image.

docker -H 192.168.120.127:2376 --tls run --name test12 --net=external01 -it centos /bin/bash

Everything looks OK until…

These are the steps that I took so far.

1) yum install git
2) yum install -y gcc-c++ make
3) curl -sL https://rpm.nodesource.com/setup_6.x | bash -
https://www.e2enetworks.com/help/knowledge-base/how-to-install-node-js-and-npm-on-centos/
4) yum install -y nodejs
5) git clone https://github.com/vmware/clarity-seed.git
6) npm install [This failed! You will need to go into the clarity-seed folder!!]
7) cd clarity-seed
8) npm install [Until I hit an error]

The npm installation takes a while, but I was thinking that if it was successful, I should commit this image into my Harbor registry. I was disappointed that the build did not go successfully.

[Update]
OK, after some more Google searching, it was found to be bzip2 related. Replacing step 7 with the below should work.
7) yum install -y bzip2
8) npm install

Some warnings, but let's see.

BOOM! My first Clarity App successfully running!

OK. It still doesn’t work because it's on localhost. I needed to open up package.json and, at the start, add in the host: ng serve --host 10.10.12.5.

Happiness, successfully deployed my first Clarity App!

PowerShell script to customise drivers into ESXi

The Supermicro E300 requires the ixgbe drivers for its 10GE NICs, as the standard ESXi ISO does not natively support them. Therefore I’m required to custom build the ESXi ISO.

The ixgbe 4.5.1 drivers were from Paul's blog: https://tinkertry.com/how-to-install-intel-x552-vib-on-esxi-6-on-superserver-5028d-tn4t.

Download here.

The PowerShell script was from here: https://www.v-front.de/p/esxi-customizer-ps.html

These are the commands used.

PowerCLI C:\> C:\Users\Administrator\Downloads\ESXi-Customizer-PS-v2.5.ps1 -izip C:\Users\Administrator\Downloads\update-from-esxi6.0-6.0_update03.zip -pkgDir E:\pkg

PowerCLI C:\> C:\Users\Administrator\Downloads\ESXi-Customizer-PS-v2.5.ps1 -izip C:\Users\Administrator\Downloads\ESXi650-201704001.zip -pkgDir E:\pkg

You must be wondering why I can’t just update the drivers after installation. I wanted to PXE boot the ESXi installer, and somehow the NICs on the E300 that support PXE boot were the 10GE NICs. That was the reason why I had to custom build the ixgbe driver into the ISO.