Posts Tagged ‘networking’

Copying a VMware Player virtual machine

Monday, December 14th, 2009

Over the past couple months I’ve been comparing VMware Workstation against VMware Player.  Workstation costs $200, while Player is free. While the “free” part is enough for me to keep using Player, there are some things I miss about Workstation.  One of the things I miss is the ability to make snapshots and copies of virtual machines.  However, with a little bit of work, it’s possible to create a copy of a virtual machine you created with Player. Here’s an example of how I did it with a minimalist installation of Fedora 12.

Copy the original “golden” virtual machine directory within the Virtual Machines directory.  In this example the original virtual machine directory was named Fedora12Mini, and the copy was named Fedora12Firewall. The first step is to rename every file in the copied directory to match the new directory name (which will become your virtual machine’s name in Player).  The virtual machine directory contains (at least) five files that share the virtual machine’s name and differ only by their extension.  In the example below, all instances of Fedora12Mini need to be changed to Fedora12Firewall.

How the copied directory looks before changing file names

Once that’s complete, open the new Fedora12Firewall.vmx file.  The .vmx file contains most of the configuration settings for the virtual machine. Change all instances of the original virtual machine name (Fedora12Mini) to the new name (Fedora12Firewall) in the .vmx file. While you have the .vmx file open, note two lines you’ll need to look for later.  These are the lines that start with ‘ethernet0.generatedAddress’ and ‘uuid.location’. These values are equivalent to the HWADDR (or MAC) and UUID values in your operating system’s configuration.  Those values are intended to uniquely identify your network card and computer, respectively. When you start the virtual machine, these values will be regenerated for your new virtual machine, and you will need to update your virtual machine’s configuration with those new values. Before starting the new virtual machine, you still need to make one more name change, this one inside the .vmxf file; change the original virtual machine name to the new name, just like you did in the .vmx file earlier.

The generatedAddress and uuid lines in the .vmx file

Start the VM by starting VMware Player, and then clicking “Open a Virtual Machine”. Navigate to the new directory and open the .vmx file in that directory.  Now click “Play Virtual Machine.” Shortly after doing that, you will be asked if you moved or copied the virtual machine.  When asked, say that you “copied”.  The virtual machine will then start up.

The network adapter will fail upon startup. You’ll know this because you will not be able to make any network connections.  Verify this by executing ifconfig and looking for the IP address of the eth0 controller:

Results of ifconfig

Note there is no Ethernet controller (there should be at least an eth0 entry). This happens because Fedora’s configuration files no longer match the virtual hardware, which changed when you told Player that you copied the virtual machine.  To fix this, open up the .vmx file on the host and note the new ethernet0.generatedAddress and uuid.location values.  Open /etc/sysconfig/network-scripts/ifcfg-eth0 on the virtual machine and enter the contents of the ethernet0.generatedAddress line into the HWADDR line in ifcfg-eth0, and the uuid.location contents into the UUID line in ifcfg-eth0. Copying ethernet0.generatedAddress to ifcfg-eth0 is straightforward, but the UUID value isn’t formatted the same as in the .vmx file.  When updating ifcfg-eth0 with the new UUID, just ensure that it follows the same pattern of 4 bytes-2 bytes-2 bytes-2 bytes-6 bytes.  The easiest way I found to do this was to just add a new UUID underneath the existing UUID, then delete the original UUID when finished:

ifcfg-eth0 after updating HWADDR and UUID, but before deleting original UUID

After deleting the original UUID value and saving ifcfg-eth0, restart the virtual machine. (An aside: I’m not completely sure a full system restart is necessary here.  I tried to restart the networking service [service network restart], and the changes didn’t seem to take effect until after the full system restart.) You should now have an IP address, and all will be good with the world.
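
The last two steps (reading the regenerated values from the .vmx file and writing them into ifcfg-eth0) as a script. This is an added example, not part of the original post; the function names and all sample values are constructed, and it assumes the .vmx UUID is written as 16 space-separated hex bytes with a dash in the middle.

```python
import re

# Constructed sample: the two .vmx lines the post says to note (values made up).
SAMPLE_VMX = '''\
ethernet0.generatedAddress = "00:0c:29:3a:5b:7c"
uuid.location = "56 4d 1f 2e 3d 4c 5b 6a-79 88 97 a6 b5 c4 d3 e2"
'''

# Constructed sample: the guest's ifcfg-eth0, still holding the original VM's values.
SAMPLE_IFCFG = '''\
DEVICE=eth0
HWADDR=00:0C:29:11:22:33
ONBOOT=yes
UUID=564d0a0b-0c0d-0e0f-1011-121314151617
'''


def vmx_value(vmx_text, key):
    """Return the quoted value of a `key = "value"` line in .vmx text."""
    m = re.search(r'^\s*' + re.escape(key) + r'\s*=\s*"([^"]*)"', vmx_text, re.M)
    if m is None:
        raise KeyError(key)
    return m.group(1)


def vmx_uuid_to_canonical(raw):
    """Regroup the .vmx UUID's 16 hex bytes as 4-2-2-2-6 bytes (assumed input format)."""
    digits = re.sub(r'[^0-9a-fA-F]', '', raw).lower()
    if len(digits) != 32:
        raise ValueError('expected 16 hex bytes, got %r' % raw)
    return '-'.join((digits[:8], digits[8:12], digits[12:16], digits[16:20], digits[20:]))


def update_ifcfg(ifcfg_text, vmx_text):
    """Replace HWADDR and UUID in ifcfg-eth0 text with the values Player regenerated."""
    new = {
        'HWADDR': vmx_value(vmx_text, 'ethernet0.generatedAddress'),
        'UUID': vmx_uuid_to_canonical(vmx_value(vmx_text, 'uuid.location')),
    }
    out = []
    for line in ifcfg_text.splitlines():
        key = line.split('=', 1)[0].strip()
        out.append('%s=%s' % (key, new.pop(key)) if key in new else line)
    out.extend('%s=%s' % kv for kv in new.items())  # append any key the file lacked
    return '\n'.join(out) + '\n'


if __name__ == '__main__':
    print(update_ifcfg(SAMPLE_IFCFG, SAMPLE_VMX), end='')
```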

Gartner tells network administrators to “Release the Hounds”

Monday, October 19th, 2009

CNET reports that Gartner execs have told the crowd attending Gartner Symposium that it’s time to relax the network restrictions a bit:

[Gartner analysts] argu[ed] that corporate computing departments shouldn’t block social networking and that security shouldn’t completely lock down communications with the outside world. And even if information technology authorities want to shut down such activity, they can’t.

That is quite a change from IT “lock it all down” policies that I’ve seen spiraling out of control.  In my mind, it would be a welcome change. Lockdowns of corporate networks have gone past the point of annoyance into the realm of complete productivity busting. Over the last year, I’ve encountered everything from being blocked from reading essential information regarding Linux system administration (reason: bikinis and/or lingerie. Seriously.) to being locked out of my corporate network entirely due to a password change that didn’t propagate to my Maven settings (lost time: roughly four hours).

What’s amusing is, as the article says, blocking is futile.  I was able to get to the blocked Linux forum by using my iPhone.  I can do the same with social networking services.  Ditto instant messaging services that are also actively blocked. The only drawback is that it takes a bit longer.

I’ll just have to wait and see if this takes hold in the corporate world.

Why I hate proxy servers

Wednesday, September 23rd, 2009

“Hate” is a strong word. It’s also a massively overused word. I avoid the use of “hate”, reserving it for the most heinous of nouns.  One such noun is “authenticating proxy server.”  Fortunately, for most of my career, I’ve managed to avoid workplaces in which these roadblocks to the Internet are used.  That is, until my current job.

A brick wall

There was an issue that arose recently that perfectly exemplifies why I hate the proxy server. Somehow, probably through the proxy server itself, I managed to have my account locked out.  While I remained logged in to my workstation, I could not access any resources outside the proxy server. The application I was using apparently needed access to the Internet to phone home (perhaps validating registration or checking for updates), and because my account had been locked, I couldn’t get through the proxy server. When the application couldn’t complete the call home, it decided to crash. Net result: I lost about 30 minutes’ worth of work.  All because the proxy server was there ensuring that I didn’t go to nasty porn sites.

A similar issue occurs with some development tools, namely Maven.  During a build, Maven checks public repositories for updated libraries used in the project.  If you do not have proxy settings just right, Maven cannot access those repositories, and the build will fail.  Again, all for a little perceived extra security.

The rules in place for the proxy server to block a site appear to be completely random.  On several occasions, I’ve Googled something I was researching, and found the golden nugget of information I needed, only to have the site blocked because it had been tagged as “a BLOG”. OH MY GOD NO, NOT A BLOG! Fortunately, I was able to get around that problem by either looking at Google’s cached version of the page, or using a mobile broadband modem to view the actual site, but either solution meant that I wasted time.

The time lost due to data loss, build problems and blocked research is significant. This happens at least twice a month, and there have been days where this has happened twice or more.  Each “outage” costs me at least a half hour, more when you consider the “in the zone” time that’s lost.

My takeaway from this is that there is less concern about getting things done than there is about blocking questionable content from the Internet.