Nutanix AHV Networking – What’s New

We just made a bunch of announcements about networking enhancements to AHV, and I’ll be posting about them at Nutanix.com.

Here’s an overview of the series:

Part 1: AHV Network Visualization

Part 2: AHV Network Automation and Integration

Part 3: AHV Network Microsegmentation

Part 4: AHV Network Function Chains

And it wouldn’t be a blog post without an image – so here’s a picture of something new 😉

Let’s Encrypt – How do I Cron?

Let’s Encrypt was really easy to setup, but Cron was less so. I kept getting emails that the Let’s Encrypt renewal was failing:

2017-03-09 02:51:02,285:WARNING:letsencrypt.cli:Attempting to renew cert from /etc/letsencrypt/renewal/bbbburns.com.conf produced an unexpected error: The apache plugin is not working; there may be problems with your existing configuration.
The error was: NoInstallationError(). Skipping.
1 renew failure(s), 0 parse failure(s)

I had a cron job setup with the absolute bare minimum:

crontab -e
56 02 * * * /usr/bin/letsencrypt renew >> /var/log/le-renew.log

When I ran
/usr/bin/letsencrypt renew
at the command line, everything worked just fine. I was like, “Oh – this must be some stupid cron thing that I used to know, but never remember.”

Turns out the problem was the cron environment PATH variable. Cron didn’t have access to /usr/sbin and apparently certbot was using that for access to the apache2 binary. The fix was to change the cron to the following:

56 02 * * * /root/le-renew.sh

Then create a script that runs the renewal after the PATH variable is set correctly:

cat /root/le-renew.sh
#!/bin/bash
#Automate the LE renewal process

#Need /usr/sbin for apache2
# https://github.com/certbot/certbot/issues/1833
export PATH=$PATH:/usr/sbin

#Renew the certs and log the results
/usr/bin/letsencrypt renew >> /var/log/le-renew.log

It was a good thing I put the link to the problem right in the script, or I never would have been able to find it again to write this blog.

NOW my renewal works absolutely fine. Problem solved. Thanks Cron.

Let’s Encrypt – Easy – Free – Awesome

I recently saw a news article about StartCom being on Mozilla and Google’s naughty list. Things looked bad, and my StartCom certs were up for renewal on the blog.

I have seen articles flying around about Let’s Encrypt for a while now. The idea seemed awesome, but the website seemed so light on technical instructions that I didn’t know if it would actually work. I wanted to know EXACTLY what lines it would propose to hack into my carefully manicured Apache configuration. And by carefully manicured, I mean “strung together with stuff I copied and pasted from stack overflow“.

I couldn’t find the information I really wanted – so I just JUMPED in and started installing things and running commands. 30 seconds later, I had a fully functioning cert on my site. I was blown away. It copied my existing non-ssl vhost config and created a new vhost with SSL enabled. All I had to do was enter my email address, select the vhost to enabled SSL for, and hit GO.

I had to put in a crontab entry myself to get the auto-renewal to work but that wasn’t so bad. I would hope they improve that in the future – but cron is no big deal.

I’m interested to see if everything works when my web certs expire 90 days from now! Crazy times. I used to do this and dread it once per year because the process was so manual. Now that it’s automated – I’ll get new certs while I’m sleeping. Woohoo.

Nutanix Performance and IOPS

My colleagues Gary Little and John Williamson are starting up a blog series on Nutanix performance. Have you ever wondered how Nutanix would perform for your application? Do you wonder how Nutanix compares to a traditional SAN? Do you ever wonder what it means to have 1 hojillion IOPS? I know I do – so I thought maybe you would too.

IOPS on Nutanix

I know the blog here has turned into “All Nutanix All The Time”, but I think this performance series is worth a read. Maybe I’ll be posting more about motorcycles, security, and rock climbing in the future. (Oh, I’ve taken up indoor rock climbing) I’ve started using Keybase.io and Signal – so that could also be worth a tech post.

Check out the first Nutanix performance post here.

VMware NSX Software Defined Networking with Nutanix

Take a look at the latest Nutanix solution note, detailing VMware NSX for vSphere in a Nutanix environment. With these two technologies combined, customers can now virtualize their entire infrastructure. This solution note describes common customer use cases and advantages of NSX software defined networking. We also test two important deployment scenarios and give configuration recommendations.

Find more information on my Nutanix NEXT community blog post (upcoming) or download the full solution note.

Light Board Series: AHV Open vSwitch Networking – Part 4

We’re wrapping up our four part series on Nutanix AHV networking today with a look at the User VM Networking. Check out the Nutanix Connect Blog for full details.

We cover the difference between managed and unmanaged networks for VMs. VM networks can be rapidly created through the Prism GUI, the Acropolis CLI, or the REST API.

Cisco UC on Nutanix Webinar

I recently presented a webinar for Cisco UC on Nutanix to highlight exactly how Nutanix could save time and money, while adding features and flexibility, on your next deployment.

Take a look at the live webinar here:

Light Board Series: AHV Open vSwitch Networking – Part 3

For part 3 in our series I want to tackle VLANs in AHV. I don’t actually have a light board video for this one 🙁

What I do have are some diagrams for you to look at!

Here’s the default VLAN configuration that we’d recommend:

acropolis_default_vlan

Here is a non-default configuration where a VLAN tag is added to the AHV host and the Controller Virtual Machine:
acropolis_custom_vlan

 

Learn more about VLANs in the Acropolis Hypervisor here on the official Nutanix NEXT Community Blog. Find complete details in the AHV Best Practice Guide.

 

Light Board Series: AHV Open vSwitch Networking – Part 1

I’m happy to announce the release of the first Light Board Videos I recorded with the Nutanix nu.school education team. These videos were a blast to record. The education team here at Nutanix is top notch and made my scribbles and rambling look and sound great! A video production team is an amazing asset to have sitting behind you in the office!

AHV provides an alternative to traditional hypervisors – and with that alternative comes a new virtual switch! This virtual switch bridges the VMs to the physical network.

To find more information about the video, including all of the rationale behind the decisions made – check out the Nutanix .NEXT Community blog I wrote describing AHV Host Networking.

Here’s the embedded first part of the video. I talk about Open vSwitch bridges and bonds, and how to connect the CVM and the User Virtual Machines to the 10gb or 1gb network interfaces. Follow the Nutanix .NEXT community blog, my site here, or the nu.school YouTube page to watch the rest of the series.

We’ll cover Load Balancing, Managed and Unmanaged VM networks, and more in the coming weeks!