Tuesday, March 28, 2017

Deploying Etherape on a non-Development system

Go to Etherape web site. Read package dependencies.

1. Download gtk+-2.24.31 sources

1a. Run "make configure"
- Install pango-devel
- Install atk-devel
- Install gdk-pixbuf2-devel

1b. Re-ran "make configure" and passed dependencies, then ran "make" and "make install"



2. Downloaded libglade-2.6.4 sources

2a. Ran "make configure"

- Install libgnomeui-devel


3. Downloaded Etherape 9.1.4 sources

3a. Ran "make configure"

- Install libpcap-devel

- Install gnome-doc-utils

NOTE: I got some kind of error on a documentation package, but decided it was not critical to Etherape actually working.

3b. Ran "make" and then "make install"






Thursday, March 16, 2017

NetFlow Kernel Module Programming

I have been doing some kernel module programming. This is not for kids.

Most examples on this are on kernels that pre-date the 3.10 kernels now in use (in other words, 2.6 kernels are the examples I mainly see that show how this magic is done).

But I've learned a bit from doing this. When I finally got into the more advanced kernel modules, where you need to start accessing data structures in C Programming language from the kernel headers, stuff started to not compile and I started to learn that the data structures have changed, et al.

The ultimate end to this is to write your own firewall using NetFlow. Will take some work.

But learning the NetFlow architecture, and how a packet traverses the NetFlow tables is very valuable because iptables is built on NetFlow.

I could write a lot more on this - but I'd bore you. I've compiled a lot of information and subject matter on this.

Dell PowerEdge R330 - Lifecycle and iDRAC

For the first time in years and years; maybe ever to this extent, I delved into the guts of a hardware platform; the Dell PowerEdge platform.

We order a lot of these where I work; Dell R220 (originally), Dell R230, Dell R330 and Dell R430.

Dell R430 - Carrier Grade (redundant and scalable)
Dell R330 - Enterprise Grade (has redundancy; drives, RAID card, power supplies)
Dell R230 - Commercial / Consumer Grade (weaker computing power, no redundancy)

These go up, actually, to a R7xxx series (I know someone who bought one of those - an R710), but we don't go that high where I work.

I have played with these boxes quite a bit; adding memory, auxiliary network cards, and in one case had to set a jumper to clear NVRAM on the box. On a few boxes in the earlier days, I would configure RAID on them, and partition the drives in the CentOS installer (a Kickstart process takes away that fun for us nowadays).

One thing I have done is install iDRAC cards into boxes that were not initially ordered with iDRAC cards. I learned that if you buy the wrong ones, they might be compatible with the box, but they may not have the screw holes to mount them on the motherboard (I had to return those).

Lately, I have been playing with the iDRAC and Lifecycle Controller functions on the Dell R330. I've learned that there are numerous versions of iDRAC (newer boxes happen to be running iDRAC 8 while the ones from the last couple years are on 6 and 7). Dell has documentation on these versions, which use a primitive command line (CLI) syntax that has not changed much since I originally used RACADM in the 90s.

I also played with the OS-Passthrough feature. You can direct-cable the iDRAC to a spare port on the box with a CAT5/6 cable, put static IPs on both of those ports, and create a closed-loop out-of-band management LAN without actually cabling the box into an external network infrastructure of any kind. This allows you to VPN or tunnel into a box, and then access the local management network to get into iDRAC. You do have to cable it though - there's no way to create a virtual LAN (that I saw). You can add another IP for Lifecycle Controller if you set that statically, and have 3 IPs; one for Lifecycle Controller, one for iDRAC, and then the IP that the Operating System statically assigns when the OS comes up.

iDRAC has a web front-end that can be configured and enabled. Licensing guides on what can be done in the GUI, whereas when you use the CLI the licensing does not seem to be very informative to the user on what restrictions might be in play.

I never did get the Life Cycle Controller web interface to work, if that even exists (maybe it has a client or software that runs remotely and accesses that - looking into). So this software as it stands, appears to only work if you're on the physical console of the box and access it via the F10 key at bootup.

Trying to learn some more but at this point, this is what I have learned.


Ansible Part I

Now that I have a bunch of VMs running on a KVM host and interfacing properly with proper network configuration, the next thing that would be good to do is to learn how to deploy these VMs in an efficient way.

Right now, I have bash scripts that generate the VMs. I have one for Spice Graphics, and another without Spice Graphics for a non-graphical Minimal CentOS. Once these OS images are installed, though, I have to do considerable tweaking to get software installed and configured on them.

This is where ansible comes in.

I have a book on Ansible - and a number of Ansible scripts and playbooks.

I have not had time to read the book, nor play with the playbooks, but I did have sense enough to delete all of the inventory files. The last thing you want to do is start running playbooks and farting up someone else's virtual machines using incorrect inventory.

So that's where we are....nowhere really, except an intent to get smart about Ansible.

Ansible - is an alternative to Chef and Puppet. I know a guy who did research on all of these and chose Ansible. So that's the history on "why Ansible".

More Work on KVM - Network Configuration

Been a while since I have posted anything on here. I'll do a few updates.

One of the projects I have been working on is the transition from Virtual Box (which I run on a Windows 10 laptop) and ESXi (which we used to run on large servers) to KVM.

What I have been doing is installing an entire network on a KVM host - with different CentOS 7 virtual machines.

Initially when I did this, I put each one of these on their own subnet (default network). Then - when one of the VMs needed a static IP, I learned how to use the virsh commands to edit the xml file for the default network and insert DHCP ranges, and - of these DHCP ranges - lock a specific IP to a specific host / MAC.
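The MAC-to-IP reservation described above can also be applied without hand-editing the XML. This is an added example, not code from the original post; the network name, MAC address, hostname and IP are constructed sample values, and the function names are hypothetical. It validates each value before building the `<host>` element so a malformed argument cannot alter the network definition.

```shell
#!/bin/sh
# Added example: pin a DHCP address to a VM's MAC on a libvirt network.
# All sample values below are constructed for illustration.

# Build the <host> element used inside the network's <dhcp> section.
# Rejects malformed MAC, hostname or IPv4 values (including embedded quotes
# or newlines) before they can reach the network XML.
dhcp_host_xml() {
    _mac=$1 _name=$2 _ip=$3
    case "$1$2$3" in *'
'*) echo "newline in input" >&2; return 1 ;; esac
    printf '%s\n' "$_mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' ||
        { echo "bad MAC: $_mac" >&2; return 1; }
    printf '%s\n' "$_name" | grep -Eq '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$' ||
        { echo "bad hostname: $_name" >&2; return 1; }
    printf '%s\n' "$_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "bad IPv4: $_ip" >&2; return 1; }
    # Split the address on dots and range-check every octet.
    _oldifs=$IFS; IFS=.
    set -- $_ip
    IFS=$_oldifs
    for _o in "$@"; do
        [ "$_o" -le 255 ] || { echo "bad IPv4: $_ip" >&2; return 1; }
    done
    printf "<host mac='%s' name='%s' ip='%s'/>" "$_mac" "$_name" "$_ip"
}

# Add the reservation to the running network and its persistent config.
# Prints the virsh command by default; set APPLY=1 to execute it.
pin_vm_ip() {
    _net=$1
    _xml=$(dhcp_host_xml "$2" "$3" "$4") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        virsh net-update "$_net" add ip-dhcp-host "$_xml" --live --config
    else
        printf 'virsh net-update %s add ip-dhcp-host "%s" --live --config\n' \
            "$_net" "$_xml"
    fi
}

# Constructed sample: reserve 192.168.122.50 for the VM "web01".
pin_vm_ip default 52:54:00:12:34:56 web01 192.168.122.50
```

After applying, `virsh net-dumpxml default` shows the reservation inside the `<dhcp>` element alongside the configured range.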

What I really meant to do, was to go back and reconfigure the network to resemble the Virtual Switch mechanism that ESXi provides through the user interface. But I could not - easily - figure out how to do this.

Later, a young greenhorn developer mentioned to me that the "Connection Details" tab in the Virt-Manager GUI would allow you to add/remove and start/stop various networks. And in exploring this, I learned that you can create Routed networks, NAT networks, and custom versions of these. You can also create internal networks.

It appears that you can "enable static routes" on both the NAT and Routed networks - a little confusing but made sense once you started trying to interact between VMs. I had some issues getting NAT networks to interface with Routed Networks until I wised up and, for the VM that needed internet access, created two network interfaces on that VM; one using a NAT network (external internet) and one using Routed (for internal network that could interface with other Routed VMs).

With that I was able to create 7-8 VMs that could interface with one another, and one of those VMs could get out to the internet as required.

There might be more sophisticated things you can do, but I think if you understand the types of networks and how to properly configure them, you should pretty much be where you want to be. I might need to read up on more advanced aspects of KVM but I think I'm good for now.

SLAs using Zabbix in a VMware Environment

 Zabbix 7 introduced some better support for SLAs. It also had better support for VMware. VMware, of course now owned by BroadSoft, has prio...