This is done on VMware 6.5, but it should work on 6.7 also.

ESXi Add Static Route

The command to add static route to your ESXi host is like this:

esxcli network ip route ipv4/ipv6 add -n IPv4_network/mask -g IPv4_gateway_ip

 Usage: esxcli network ip route ipv4 add [cmd options]
 Description:
   add                   Add IPv4 route to the VMkernel.
 Cmd options:
   -g|--gateway=    The Ipv4 address of the gateway through which a route to be added. (required)
   -N|--netstack=   The network stack instance; if unspecified, use the default netstack instance
   -n|--network=    The Ipv4 address and prefix length of the network to add the route to. Specify 'default' to indicate the default network. (required)

Example adding network 10.90.20.0/23 with gateway 10.92.20.5

esxcli network ip route ipv4 add -n 10.90.20.0/23 -g 10.92.20.5

ESXi List Routes

The command to list ESXi host routes is like this:

esxcli network ip route ipv4 list

You should get output similar to this:

[root@esx05:~] esxcli network ip route ipv4 list
 Network        Netmask          Gateway        Interface  Source
 -------------  ---------------  -------------  ---------  ------
 default        0.0.0.0          xxx.xxx.xxx.1  vmk0       DHCP
 10.90.20.0     255.255.254.0    10.92.20.5     vmk1       MANUAL
 10.92.20.0     255.255.254.0    0.0.0.0        vmk1       MANUAL
 xxx.xxx.xxx.0  255.255.255.192  0.0.0.0        vmk0       MANUAL
 [root@esx05:~]

ESXi Remove Static Route

The command to remove static route to your ESXi host is like this:

esxcli network ip route ipv4 remove -n IPv4_network/mask -g IPv4_gateway_ip

Usage: esxcli network ip route ipv4 remove [cmd options]
 Description:
   remove                Remove IPv4 route
 Cmd options:
   -g|--gateway=    The Ipv4 address of the gateway through which a route to be removed (required)
   -N|--netstack=   The network stack instance; if unspecified, use the default netstack instance
   -n|--network=    The Ipv4 address and prefix length of the network to remove the route from. Specify 'default' to indicate the default network. (required)

Example of removing previously added 10.90.20.0/23 with gateway 10.92.20.5

esxcli network ip route ipv4 remove -n 10.90.20.0/23 -g 10.92.20.5

VMware KB: https://kb.vmware.com/s/article/2001426

The cron software utility is a job scheduler in Unix-like operating systems which is driven by the crontab (cron table) file located in the /etc directory.

These periodic jobs are also known as Cron Jobs and are scheduled to run on specific time. We can use Crontab Jobs in Linux for MySQL Backups, system monitoring, delete files older then x days and a lot more.

Each line in the crontab file is a new cron job and uses this cron job format:

# ┌───────────── minute (0 - 59) 
# │ ┌───────────── hour (0 - 23) 
# │ │ ┌───────────── day of the month (1 - 31) 
# │ │ │ ┌───────────── month (1 - 12) 
# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday; 
# │ │ │ │ │                                   7 is also Sunday on some systems) 
# │ │ │ │ │ 
# │ │ │ │ │ 
# * * * * * command to execute 

There are also special characters that you can use:

• star ( * ) – means every. For example if in minute means every menute
• comma ( , ) – are used to separate items of a list. For example, using “MON,WED,FRI” in the 5th field (day of week) means Mondays, Wednesdays and Fridays.
• Minus sign ( – ) – defines ranges. For example, 2000-2010 indicates every year between 2000 and 2010, inclusive.
• Slash ( / ) – slashes can be combined with ranges to specify step values. For example, */5 in the minutes field indicates every 5 minutes

We also have some macros that you can use without remembering the table above:

To list all cron jobs for the user you are logged in you can issue crontab -l command

crontab -l

To edit a crontab job in linux or add a new one you need to add -e at the end of crontab command

crontab -e

If this is a first time you will be asked to choose a default editor when editing cron jobs, my choice is vim.nox but you can choose your preferred.

no crontab for vionsoft - using an empty one
 Select an editor.  To change later, run 'select-editor'.
 /bin/ed
 /bin/nano        <---- easiest
 /usr/bin/vim.nox
 /usr/bin/vim.tiny 
 Choose 1-4 [2]: 3

This is the default crontab file for a user and at the end you need to append your crontab scheduler command

# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h  dom mon dow   command
* * * * * command_to_execute_every_minute

Stop crontab from sending emails

If you don’t want to receive emails from your crontab jobs you need to append > /dev/null 2>&1 at the end of each line. If you want to receive only errors append only > /dev/null

Don’t receive any email

# Redirect STDOUT and STDERR to /dev/null
* * * * * command_to_execute_every_minute > /dev/null 2>&1 

Receive only email from STDERR (Errors)

 # Redirect only STDOUT to /dev/null
* * * * * command_to_execute_every_minute > /dev/null 

Crontab Job in Linux examples

cron job every 5 minutes

# executed: every 5 minutes, every hour, every day, every month, every year 
*/5 * * * * /home/user/scripts/myscript.sh

cron job every hour between 10:00 and 14:00

# executed: 10:15, 11:15, 12:15, 13:15, 14:15, every day, every month, every year
15 10-14 * * * /home/user/scripts/myscript.sh

cron job every Sunday 5 minutes after midnight

# executed: every Sunday, 5 minutes after midnight, every month, every year
5 0 * * SUN /home/user/scripts/myscript.sh

cron job Monday through Friday at 1:00AM

# executed: Monday 1AM, Tuesday 1AM, Wednesday 1AM, Thursday 1AM, Friday 1AM, every month, every year
0 1 * * 1-5 /home/user/scripts/myscript.sh

Finally, if you are lazy to memorize all of this there is a website that will help you create a cron job in linux with the specific parameters you need

Cron Job Examples: https://crontab.guru/examples.html

This problem occurs when you have fresh new server installs with nginx and PHP for me with WordPress installs lately, everyone wants their own Cloud VPS, but there is no-one to manage it or install it.

The 413 Request Entity Too Large indicates that your nginx server is not configured to accept file with the size you are trying to upload. The parameter is the nginx client_max_body_size which has the default value of 1MB.

Here are the official nginx docs on client_max_body_size if you exceed this size you will see this image

nginx client_max_body_size configuration

You have 2 options here, you can set it globally or per website.

1. Open /etc/nginx/nginx/conf and under http {} add the following lines

vi /etc/nginx/nginx.conf

http {
    ......
    #set client body size to 20M
    client_max_body_size 20M;
    .....
}

2. Open /etc/nginx/sites-available/yourwebsite.conf and under server {} add the following lines

server {
    #set client body size to 20M
    client_max_body_size 20M;
    .....
    listen 80;
    server_name yourwebsite.com;
    .....
}

Please be aware that browsers cannot correctly display this error. Setting size to 0 disables checking of client request body size.

Now check nginx configuration and restart the server if everything is OK

nginx -t

You need to get

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now restart nginx server

systemctl reload nginx.service 

You are done with your nginx configuratioon

PHP configuration

Now that you have your nginx server to accept client request body of 20MB you need to increase some values in your PHP configuration file. Edit your /etc/php/7.0/fpm/php.ini and change the following values:

vi /etc/php/7.0/fpm/php.ini

; Maximum allowed size for uploaded files.
 ; http://php.net/upload-max-filesize
 upload_max_filesize = 20M

 ; Maximum size of POST data that PHP will accept.
 ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 ; is disabled through enable_post_data_reading.
 ; http://php.net/post-max-size
 post_max_size = 20M

Now restart your PHP-FPM process and you are done

 systemctl restart php7.0-fpm.service 

After these modifications you should be able to upload files with MAX size of 20MB

As I have my Master server in place, it’s a production server with data on it, it’s a Virtual Server running Ubuntu 16.04 LTS and MySQL 5.7 with sufficient RAM memory and vCPU cores running on SSD drives. The server is starting to be used all day long and I can’t find a suitable time when I can do my backups, so from now on, I can do my backup jobs on my Slave server anytime I want.

In my current setup I have my Master MySQL server mysql01 and my Slave MySQL server mysql02 which is in another datacenter

mysql01 IP: 10.90.21.16
mysql02 IP: 10.91.21.21

Master server setup

You will need to plan for downtime because we will need to take a consistent snapshot of the databases for which we will need to put the server into a read-only mode.

1. Update the configuration file

Edit: /etc/mysql/mysql.conf.d/mysqld.cnf and under [mysqld] uncomment or add the following lines

[mysqld]
bind-address = 10.90.21.16
server-id = 1
log_bin = /var/log/mysql/mysql-bin.log

This will make the database server listen on private IP, set server-id which should be unique among all Master and Slave nodes and enable binary logging. Some of this you should already have but let’s check it once again.

2. Restart for services to be effective

systemctl restart mysql

3. Create Replication User

root@mysql01:~# mysql -u root -p
Enter password: 

mysql> CREATE USER 'repl'@'10.91.21.21' IDENTIFIED BY 'Sl@v3p@$$';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.91.21.21';
Query OK, 0 rows affected (0.00 sec)

This will create a dedicated repl user for the Slave server IP address 10.91.21.21 and we will give privileges for REPLICATION SLAVE. Remember to change 10.91.21.21 with your Slave server IP address.

4. Lock the Master Server Databases

mysql> FLUSH TABLES WITH READ LOCK;
Query OK, 0 rows affected (0.22 sec)

This will lock ALL tables with READ-ONLY flag and during the lock we need to create a consistent snapshot of the database so we can bootstrap the Slave server later on. Remember this will lock all INSERT and UPDATE queries.

Lock will be released when you exit the MySQL CLI or issue UNLOCK TABLES. Keep the lock until you finish the mysqldump.

5. Master Replication log position

mysql> SHOW MASTER STATUS;
+------------------+-----------+--------------+------------------+-------------------+
| File             | Position  | Binlog_Do_DB | Binlog_Ignore_DB | Executed_Gtid_Set |
+------------------+-----------+--------------+------------------+-------------------+
| mysql-bin.003577 | 141378624 |              |                  |                   |
+------------------+-----------+--------------+------------------+-------------------+
1 row in set (0.00 sec)

Write the File and the Position values, you will need them later when you initialize the Slave replication.

6. DUMP the Master server databases

mysqldump -uroot -p --all-databases --single-transaction --triggers --routines > dump.sql

This will dump all the databases into a single dump.sql file. You can check my MySQL Backup and Restore post regarding the backup and restore commands.

7. Unlock the databases on the Master server

mysql> UNLOCK TABLES;
Query OK, 0 rows affected (0.00 sec)

WAIT until your backup from step 6 has finished before issuing this command. After this, your Master server will be fully operational.

8. Transfer the data to the Slave server

root@mysql01:~# $ scp dump.sql 10.91.21.21:/tmp

This will transfer the data from the Master server to the Slave server and we can jump and configure the Slave server.

You can even have a break at this point.

Slave Server Setup

As with the Master server we need to make few adjustments with the Slave server, restore the databases and start the Replication process.

1. Update the configuration file

Edit: /etc/mysql/mysql.conf.d/mysqld.cnf and under [mysqld] uncomment or add the following lines

[mysqld]
bind-address = 10.91.21.21
server-id = 2
log_bin = /var/log/mysql/mysql-bin.log

Like the Master server above we need to make the server listen on it’s private IP, set server-id to a unique value (in our case 2) and enable binary logging.

2. Restart for services to be effective

systemctl restart mysql

3. Import the dump file

root@mysql02:~# mysql -u root -p < /tmp/dump.sql

4. Setup the slave to communicate with the Master

root@mysql02:~# mysql -u root -p

mysql> STOP SLAVE;
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> CHANGE MASTER TO
    -> MASTER_HOST='10.90.21.16',
    -> MASTER_USER='repl',
    -> MASTER_PASSWORD='Sl@v3p@$$',
    -> MASTER_LOG_FILE='mysql-bin.003577',
    -> MASTER_LOG_POS=141378624;
Query OK, 0 rows affected, 2 warnings (0.01 sec)

mysql> START SLAVE;
Query OK, 0 rows affected (0.00 sec)

Change the Master Host, Password, Log file and Log Position with YOUR VALUES.

Check if replication is working

To see if your configuration is working you need to connect on your Slave server and issue SHOW SLAVE STATUS\G

mysql> SHOW SLAVE STATUS\G
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.90.21.16
                  Master_User: repl
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.003577
          Read_Master_Log_Pos: 229958895
               Relay_Log_File: mysql02-relay-bin.000002
                Relay_Log_Pos: 11083560
        Relay_Master_Log_File: mysql-bin.003577
             Slave_IO_Running: Yes <-- Imporant
            Slave_SQL_Running: Yes <-- Imporant
              Replicate_Do_DB:
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 152461864
              Relay_Log_Space: 88580800
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File:
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher:
               Master_SSL_Key:
        Seconds_Behind_Master: 1575 <-- Imporant
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 1
                  Master_UUID: ee9774f5-8552-11e8-b6cb-00505684dbd9
             Master_Info_File: /var/lib/mysql/master.info
                    SQL_Delay: 0
          SQL_Remaining_Delay: NULL
      Slave_SQL_Running_State: System lock
           Master_Retry_Count: 86400
                  Master_Bind:
      Last_IO_Error_Timestamp:
     Last_SQL_Error_Timestamp:
               Master_SSL_Crl:
           Master_SSL_Crlpath:
           Retrieved_Gtid_Set:
            Executed_Gtid_Set:
                Auto_Position: 0
         Replicate_Rewrite_DB:
                 Channel_Name:
           Master_TLS_Version:
1 row in set (0.00 sec)

From all this data there are few parameters you need to check, Slave_IO_Running and Slave_SQL_Running should be Yes, and since I had a break before setting up the Slave I have Seconds_Behind_Master: 1575 Wait for this parameter to be 0 which indicates that the Slave is not behind the Master with the data.

MySQL Replication Chapter: https://dev.mysql.com/doc/refman/5.7/en/replication.html

If you have more hosts and vCener installed you can leverage VMware Update Manager (VUM) which can orchestrate the patching across your cluster where it goes and puts the host in maintenance mode, evacuates VMs via vMotion automatically each time a host within cluster needs to be patched.

Enable SSH on ESXi

In vSpere Web Client click on the server you want to enable SSH and go to Configure -> System -> Security Profile and click Edit. Follow the steps on the picture below.

Enter maintenance mode

You should shutdown all Virtual machines on the selected host or migrate them to a different host before you put the selected host for patching into maintenance mode.

SSH into your host and type the following command

vim-cmd hostsvc/maintenance_mode_enter

Open firewall ports

You must enable internet access to HTTPS on your VMware host to be able to search and download the latest patches from VMware vib repository.

esxcli network firewall ruleset set -e true -r httpClient

Search the latest VMware ESXi patches

The main command to list all the patches in the VMware vib repository you can use this command:

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

So to be able to find the patch you need,  you have to use grep and specify the version and the last year: grep ESXi-version-year

For ESXi 6.5 in 2019 use the following command

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.5.0-2019

For ESXi 6.7 in 2019 use the following command

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep ESXi-6.7.0-2019

Patching ESXi

Now you can install the latest patch in the time I’m writing this it’s the patch from May 2019 ESXi-6.5.0-20190504001-standard

esxcli software profile update -p ESXi-6.5.0-20190504001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

There are two commands profile update and profile install, update keeps custom drivers and install does not. I’m always using the profile update command.

Now I have the update result message that the update was successful and I need to reboot my host:

Update Result
 Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
 Reboot Required: true

Cleaning commands

You will need to ENABLE SSH on the host again because it is disabled by default after the reboot, If you forgot how see the image above.

As the message above told us we need to reboot the host in order for the changes to be effective

reboot

After the reboot we are going to close HTTPS access for the host machine from the VMware firewall

esxcli network firewall ruleset set -e false -r httpClient

And exit maintenance mode

vim-cmd hostsvc/maintenance_mode_exit

Now start your Virtual Machines and visit this tutorial in a few months when you will need to update your hosts again :)

Also, don’t forget to DISABLE SSH on your VMware hosts.

There is a lot of monitoring software out there and most of them are using the old SNMP protocol for the basic monitoring tasks. So, for us to be able to monitor our VMware hosts we need to enable SNMP and allow connection through the ESX firewall.

We are going to use the CLI to enable SNMP in ESXi so we need to Enable SSH, Configure SNMP, Enable SNMP on ESXi firewall

Enable SSH on ESXi

In vSpere Web Client click on the server you want to enable SSH and go to Configure -> System -> Security Profile and click Edit. Follow the steps on the picture below.

ESXi SNMP Configuration

Login into VMware host using SSH and root credentials, then set community string that you are going to use, and enable SNMP service.

esxcli system snmp set --communities YOUR_COMMUNITY_STRING
esxcli system snmp set --enable true

Replace YOUR_COMMUNITY_STRING with the Community string you are going to use, usually this is Private or Public but I think you need to use some unique string one for security reasons.

Enable SNMP on ESXi firewall

Now we need to add a firewall rule to allow inbound SNMP traffic to our ESXi host. For this, we have two options:

1. Allow all traffic for SNMP
2. Allow traffic from specific hosts or subnets

Allow traffic from All hosts

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Allow traffic from specific hosts or subnets

esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.1.0/24
esxcli network firewall ruleset set --ruleset-id snmp --enabled true

Restart SNMP Service

Now that we have done our VMware 6.5 SNMP configuration we need to restart the SNMP service

/etc/init.d/snmpd restart

Finally here is my CLI command list that you can edit and paste. I’ve changed the community string and I’m using my private LAN subnet to allow it on the ESXi firewall.

esxcli system snmp set --communities vionstring
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 10.90.20.0/23
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart

It should look like this:

I’m going to use my configuration all the time and stop searching for it. Also, don’t forget to DISABLE SSH on your VMware hosts.

Add additional Disk Space

I’ve chosen to add an additional virtual disk not to increase the capacity on my current one.  I’ll be adding an additional 1TB thin-provisioned disk and reboot the system.

Now I have 120GB  /dev/sda disk and 1TB /dev/sdb disk that I need to add into my LVM group. To check that I need to type lsblk

root@linux01:~# lsblk
NAME                   MAJ:MIN  RM  SIZE    RO  TYPE MOUNTPOINT
sda                    8:0      0    120G   0   disk
├─sda1                 8:1      0    487M   0   part /boot
├─sda2                 8:2      0    1K     0   part
└─sda5                 8:5      0    119.5G 0   part
 ├─linux01--vg-root    252:0    0    118.5G 0   lvm  /
 └─linux01--vg-swap_1  252:1    0    976M   0   lvm  [SWAP]
sdb                    8:16     0    1T     0   disk
sr0                    11:0     1    62M    0   rom

Partition the new disk

Now we need to partition the new disk with Linux LVM file type 8e with fdisk. In  my case, the choices will be: n(for new partition), p(for primary), 1(for partition number sdb1), then few hits of Enter for the defaults, After that I’m changing the partition type to 8e so I press t(to change partition type) and 8e(for Linux LVM) and at the end w to write the changes

root@linux01:~# fdisk /dev/sdb

Welcome to fdisk (util-linux 2.27.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xc2ce9a65.

Command (m for help): n
Partition type
 p primary (0 primary, 0 extended, 4 free)
 e extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-2147483647, default 2048): <enter>
Last sector, +sectors or +size{K,M,G,T,P} (2048-2147483647, default 2147483647):<enter>

Created a new partition 1 of type 'Linux' and of size 1024 GiB.

Command (m for help): t
Selected partition 1
Partition type (type L to list all types): 8e
Changed type of partition 'Linux' to 'Linux LVM'.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Now to check that everything is OK we’ll type fdisk /dev/sdb -l and this is what you should see at the end of the output:

Device     Boot Start         End     Sectors  Size   Id  Type
/dev/sdb1        2048  2147483647  2147481600  1024G  8e  Linux LVM

NOTE: You may get an error message at the end of the ountput like the one below:

The partition table has been altered!

Calling ioctl() to re-read partition table.

WARNING: Re-reading the partition table failed with error 16: Device or resource busy.
The kernel still uses the old table. The new table will be used at
the next reboot or after you run partprobe(8) or kpartx(8)
Syncing disks.

Just run partprobe again:

root@linux01:~# partprobe
root@linux01:~#

Extend LVM Partition

Now we are going to convert the physical volume into a logical volume for use in LVM groups.

root@linux01:~# pvcreate /dev/sdb1
 Physical volume "/dev/sdb1" successfully created

Check the Volume Group name and extend it in our case the Volume Group Name is linux01-vg (the name is under the first VG)

root@linux01:~# vgs
 VG        #PV #LV #SN Attr   VSize    VFree
 linux01-vg 1  2   0   wz--n- 119.52g  36.00m

root@linux01:~# vgextend linux01-vg /dev/sdb1
 Volume group "linux01-vg" successfully extended

Now we are going to add all additional space that we have from the new disk

root@linux01:~# df -h /
Filesystem                   Size Used Avail Use% Mounted on
/dev/mapper/linux01--vg-root 117G 78G  34G   71%  /

root@linux01:~# lvextend /dev/mapper/linux01--vg-root /dev/sdb1
 Size of logical volume linux01-vg/root changed from 118.53 GiB (30344 extents) to 1.12 TiB (292487 extents).
 Logical volume root successfully resized.

if Ubuntu ext4:

root@linux01:~# resize2fs /dev/mapper/linux01--vg-root
resize2fs 1.42.13 (17-May-2015)
Filesystem at /dev/mapper/linux01--vg-root is mounted on /; on-line resizing required
old_desc_blocks = 8, new_desc_blocks = 72
The filesystem on /dev/mapper/linux01--vg-root is now 299506688 (4k) blocks long.

if CentOS xfs:

[root@server1 ~]# xfs_growfs /dev/mapper/centos_server1-root
meta-data=/dev/mapper/centos_server1-root isize=512 agcount=6, agsize=3276800 blks
         =                      sectsz=512 attr=2, projid32bit=1
         =                      crc=1 finobt=0 spinodes=0
data     =                      bsize=4096 blocks=17300480, imaxpct=25
         =                      sunit=0 swidth=0 blks
naming   =version 2             bsize=4096 ascii-ci=0 ftype=1
log      =internal              bsize=4096 blocks=6400, version=2
         =                      sectsz=512 sunit=0 blks, lazy-count=1
realtime =none                  extsz=4096 blocks=0, rtextents=0
data blocks changed from 17300480 to 69728256

And now confirm that we have the space that we allocated

root@linux01:~# df -h /
Filesystem                   Size  Used  Avail  Use%  Mounted on
/dev/mapper/linux01--vg-root 1.1T   78G  1001G  8%    /

So, from 120GB now we have 1.1TB of space which should be enough for the purpose of this Virtual Machine.

Logical Volume Manager (Linux): https://en.wikipedia.org/wiki/Logical_Volume_Manager_(Linux)

• Create diskless Virtual Machine in VMware
• Clone the .vdi Hard Drive from VirtualBox in vmdk format
• Move the new .vmdk image into VMware datastore using scp or wget
• Convert using VMware vmkfstools (this option is missing from tutorials!)
• Attach the Hard Drive and start your Virtual Machine in VMware

I’ve done this migrating machines from VirtualBox 4.3 to VMware 6.5, it should also work with other VirtualBox or VMware versions.

Create diskless VM in VMware

Open your VMware and create Virtual Machine with the parameters you want and remove all the Hard Drives. This will create directory in your datastore where we will upload the Hard Drive later on.

Clone the .vdi Hard Drive from VirtualBox in vmdk format

You need to proper shutdown the Virtual Machine in VirtualBox and use VBoxManage to clone the hard drive in vmdk format. This will create new hard drive on which you can work with and you will have the original one just i case something is not working as you expect.

cd /path/to/virtual/machine/
VBoxManage clonehd Windows2008.vdi Windows2008-tmp.vmdk --format vmdk

You will need to have extra space for the cloned images, if you don’t attach some other USB Hard Drive or NFS storage if working in remote data center.

If using phpVirtualBox open File -> Virtual Media Manager, highlight the Drive you want to clone and click Copy

This will also create a clone of your Hard Drive and you will see the process in the bottom of your phpVirtualBox web interface.

Move the new .vmdk image into VMware datastore using scp

You will need to enable SSH on your VMware machine to be able to use SCP to transfer the cloned image from VirtualBox machine to VMware machine or wget it from VirtualBox machine. In vSpere Web Client click on the server you want to enable SSH and go to Configure -> System -> Security Profile and click Edit

Login into your VirtualBox machine and SCP the file to your VMware machine

cd /path/to/virtual/machine/
scp Windows2008-tmp.vmdk root@vmware-esxi.yourdomain.com:/vmfs/volumes/volume01/yourmachine

Or wget the cloned Hard Drive from your VirtualBox machine, you need to have your cloned Hard Drive into your phpVirtualBox directory on your VirtualBox machine

cd /vmfs/volumes/volume01/yourmachine
wget http://virtualbox-host-or-ip.yourdmain.com/Windows2008-tmp.vmdk

Convert using VMware vmkfstools

If you don’t do this part you will have your Hard Disk as IDE drive and the performance of your machine will be very slow, there is a Official article how to convert IDE to SCSI but it’s missing the part and if you try to open the .vmdk you will see that you are unable to open very large file (in my case 128GB).

Using vmkfstools to clone the clone you will have 2 files Windows2008.vmdk (meta file that you can open and edit) and Windows2008-flat.vmdk (the actual data file)

To get the desired files use this commands:

cd /vmfs/volumes/volume01/yourmachine
vmkfstools -i Windows2008-tmp.vmdk  -d thin Windows2008.vmdk

Now open the Windows2008.vmdk and change ddb.adapterType = “ide” to ddb.adapterType = “lsilogic” as explained in this VMware Knowledge Base

Attach the Hard Drive and start your Virtual Machine

Now you can attach your existing Hard Drive Windows2008.vmdk and start your Virtual Machine, if everything is OK you can delete the old Windows2008-tmp.vmdk file.

VirtualBox: https://www.virtualbox.org/
VMware: https://www.vmware.com/

File system specific implementation of LookupAndOpen[file] failed
Object type requires hosted I/O
Cannot open the disk '/vmfs/volumes/..../.....vmdk' or one of the snapshot disks it depends on.
Module 'Disk' power on failed.
Failed to start the virtual machine.

To solve the issue you need to check the .vmdk file and repair it. If you need to repair it is good to have a backup of the file just in case.

1. Enable SSH access to your ESXi host and login

2. Check the main .vmdk file if it corrupted or not

vmkfstools -x check /path/to/your/machine.vmdk

3. To repair the file type:

vmkfstools -x repair /path/to/your/machine.vmdk

4. Start you VM!

In my case:

[root@esx02:/vmfs/volumes/5b3a61e9-248e71e2-e165-0cc47ae7cfd1/machine] vmkfstools -x check machine.vmdk
Disk needs repair.
[root@esx02:/vmfs/volumes/5b3a61e9-248e71e2-e165-0cc47ae7cfd1/machine] vmkfstools -x repair machine.vmdk
Disk was successfully repaired.

This help me few times last month so it’s here.

I had a customer for whom we ware asked to setup Let’s Encrypt certificate and do it fast, so we generated the certificates and applied the basic configuration. The next day we had another call and we ware told that some mobile customers had some issues opening the website, so we analyzed the website using the SSL Labs online tool and got the score of B. The plan was FIX the SSL Labs score and the issues will be solved.

We assume that you already have your Certificates and we need to do few more configuration changes.

Enable HTTP2 and TLS

You need to add ssl and http2 in your listen line:

server {
  listen     *:443 ssl http2;
  ...
}

Disable the old SSL protocol

SSL is very old protocol and we need to disable it,

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Optimize cipher list

Ciphers can impact both performance and security so we need to have good cipher list. This list will probably change but for the time when I’m writing this article the list below is a good start.

We will tell nginx that we are going to use preferred cipher list and then list the preferred ciphers

ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

nginx dhparam parameters

We should generate our own DH parameters with at least 2048 bits, if you use 4096 bits on your certificate please generate 4096 bits DH parameters.

mkdir /etc/nginx/certs/
openssl dhparam 2048 -out /etc/nginx/certs/dhparam.pem

Then add the following line in your nginx config

ssl_dhparam /etc/nginx/certs/dhparam.pem;

OCSP stapling

We can tell our server to get a signed message from the OCSP server and add it to the initial handshake, this way the client will be confidante that the certificate is not revoked and the browser will not need to add additional overhead the the connection.

We will get it directly from Let’s Encrypt website

wget -O /etc/nginx/certs/lets-encrypt-x3-cross-signed.pem "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"

And add this lines to our nginx configuration

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/lets-encrypt-x3-cross-signed.pem;

Enable HSTS

To get the benefits of HTTP2 we need to use enable HSTS with allows the server to tell the client to only use HTTPS and the client will not try to communicate with HTTP for the time specified.

Add the following line to enable HSTS

add_header Strict-Transport-Security "max-age=31536000" always;

If you want to include all subdomains Add this

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

NOTE: Don’t use both.

Optimizing SSL session cache

Creating a bigger session cache will reduce the number of handshakes and we will have better performance. The default time is 5 minutes and we will increase it to 4 hours.

As a reference 1MB cache will hold around 4000 sessions.

We will add 40MB of shared cache with 4 hours of session timeout.

ssl_session_cache shared:SSL:40m;
ssl_session_timeout 4h;

Enable session tickets

This is alternative to session cache, if a client has a session ticket it can be presented to the server and the re-negotiation is not necessary.

Add the following to the config

ssl_session_tickets on;

Finally the whole config file

server {
 # Enable HTTP2 and TLS
 listen *:443 ssl http2;

# Tell client which ciphers are available
 ssl_prefer_server_ciphers on;
 ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

# Use our own DH params
 ssl_dhparam /etc/nginx/certs/dhparam.pem;

# Enable OCSP stapling
 ssl_stapling on;
 ssl_stapling_verify on;
 ssl_trusted_certificate /etc/nginx/certs/lets-encrypt-x3-cross-signed.pem;

# Enable HSTS
 add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

# Optimize session cache
 ssl_session_cache shared:SSL:40m;
 ssl_session_timeout 4h;

# Enable session tickets
 ssl_session_tickets on;
 
 ......
}

Now we got A+, the website performance was much better and no more issues opening the website.

Nginx SSL module
SSL Labs Server Test