11 Dec

Upgrading the VMware Harbor

VMware Harbor is a Docker image registry. You can use it instead of the Docker registry from the official repository.

I recently decided to upgrade my local Docker registry installation. I use VMware Harbor as a Docker registry – in my opinion, it is much better and easier than the official registry software. Recently I upgraded it from version 1.5.1 to 1.6.2.

VMware Harbor runs in containers, which simplifies managing the software, but the upgrade is not as straightforward as you may think. The most significant change is database consolidation. Instead of separate databases for Harbor, Clair and Notary, version 1.6.0 introduces a single database engine for all components – PostgreSQL. Harbor 1.5.0 uses MySQL, while Clair already uses PostgreSQL. The developers prepared a dedicated container with a migration engine that performs all the work. However, I found the upgrade documentation missing a crucial explanation of the steps and commands, which may lead to loss of your data. I will try to cover my findings in this post.

08 Oct

REST API in VMware Workstation 15

VMware Workstation

If you have a small home lab or use virtualization on your desktop PC or laptop, you must have heard about VMware Workstation – a hosted hypervisor that runs on the x64 version of Windows or Linux. It is a really good product for all engineers and enthusiasts who do not have or don’t need dedicated server-class hardware for their work. You can even run the ESXi hypervisor as a VMware Workstation virtual machine. What you could not do is manage the configuration and virtual machines programmatically. You had to do everything manually via the GUI. Not anymore! The gap is filled by the REST API in the VMware Workstation 15 release that hit the market in late September.

The REST API features are limited to 20 operations including the most essential ones and match the features in VMware Fusion 10. This includes VM management, VM power management as well as host and guest virtual networking. Let’s take a quick look at how it works.

24 Sep

If you build containers Alpine Linux is your friend

This post is related to Docker and automation

Every container image must start from a parent image or a base image (scratch). The parent image is the image you base your image on. The base image is like a completely empty container you need to fill with content. But in most cases, you will use another image as a parent, and you want it to be as minimal as possible. Alpine Linux is your friend – remember this name and use it as much as possible.

27 Mar

Add new interface to vSRX on VMWare Workstation

Sometimes you want to add a new interface to an existing virtual router. I am sure everyone will agree with me that creating a new virtual router from scratch and then moving the running configuration to it is far from a flexible approach – you want to modify the existing instance. Adding a new interface to vSRX on VMware Workstation should be as simple as adding a new PIC card to a physical device. There is just one thing you need to remember.

First, you need to power off your virtual machine. At this point, I usually also make a snapshot of the VM in case of any problems. Then add a new Network Interface in the VM settings, as for any other virtual device running on the VMware Workstation hypervisor, and assign all parameters as required. If you boot the vSRX now, you will get stuck at the Wind River Linux login prompt.

Wind River Linux login prompt on vSRX – remember that vSRX runs as a process on the Linux operating system

It is hard to guess at this point why it is not booting into JunOS. The only thing we changed is the new NIC we added. Indeed, this is the source of the problem. vSRX requires the NIC type to be defined as the vmxnet3 device type, which is not the default in VMware Workstation.

To fix this, go to the folder where you store your virtual machine and find the file with the .vmx extension. That is the configuration file of the VM. At the end of the file, you will see the latest entries, which cover the newly added NIC. The index will differ depending on how many NICs you already have.

ethernet3.pciSlotNumber = "256"
ethernet3.connectionType = "custom"
ethernet3.addressType = "generated"
ethernet3.vnet = "VMnet19"
ethernet3.displayName = "VMnet19"
ethernet3.present = "TRUE"
ethernet3.generatedAddress = "00:0c:29:b1:f5:c4"
ethernet3.generatedAddressOffset = "30"

To define the NIC type, you need to add one line to the configuration file:

ethernet3.virtualDev = "vmxnet3"

Now vSRX will boot as expected and you will find the new interface in show interface terse output.

23 Nov

Dynamic VIRL inventory for Ansible playbooks

Ansible is one of the powerful tools that let us automate recurring tasks. In the current world, it is impossible to manage infrastructure efficiently by hand. Many people still do this, but the world has already changed and we need to progress, otherwise our business will not be cost-effective. You can provide a static inventory – a list of the devices where you want to execute the playbook. But in dynamic environments, such as Cisco VIRL simulations, you don’t want to edit the inventory file manually. That is why I use a Python script that generates a dynamic VIRL inventory for Ansible playbooks for me.


13 Oct

How to install multiple ASAv firmwares on Cisco VIRL

Cisco VIRL

Cisco VIRL is a powerful network simulation tool. There are weeks when I run simulations 24/7 because some projects or learning are ongoing. With VIRL you get almost the latest firmware for supported platforms. Almost – sometimes you have to wait for the next release for new firmware to be available. I experienced it a few months ago when, with the ASA 9.7(1) release, Cisco introduced route-based VPNs (VTIs). At that point VIRL users got the 9.6(2) release bundled into the latest simulator release. In other simulations, you may want to use different ASAv firmware versions for various nodes, so your simulation is more similar to your production network.

Cisco VIRL uses real firmware in the simulations. I will show you how you can add different ASAv firmware and use it in parallel with the software available in the VIRL repository.


01 Jun

How to manage simulation in VIRL from local network

Cisco and VIRL logos

I’ve been using Cisco VIRL for over two years, both for learning technologies and for testing new solutions as PoCs. Accessing devices in a simulation via the embedded console link is easy but not efficient. I always wanted to manage simulations in VIRL from my laptop, not my desktop PC. Also, in many scenarios you may want to connect external servers, like a NetFlow collector or IPAM software you want to test. It’s also quite handy to have access to a running simulation from the Internet, isn’t it?

Let me show you how I connect a running Cisco VIRL simulation to other devices in my network and to the Internet. In this tutorial I assume that you didn’t change the default VIRL networking configuration.


27 Nov

ESXi 5.5 on VMWare Workstation and only one NIC visible

Something less strictly networking, but I started setting up a lab environment on my home PC. It’s good that you can run hypervisors as virtual machines in a virtualized environment. I installed two ESX 5.5 hypervisors. ESX by default creates four Ethernet interfaces. The first interface is bridged to my LAN; the others were supposed to be used for internal connections, but it turned out that the hypervisor itself cannot see them. For some unknown reason only the first interface was visible.

It turned out that only the first network interface is defined as e1000; the rest had no interface type definition, therefore the VM detected those as some AMD PCI cards and couldn’t use them. The fix for this is simple – find the .vmx configuration file and add the device type manually:

ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet1.vnet = "VMnet3"
ethernet1.connectionType = "custom"
ethernet1.wakeOnPcktRcv = "FALSE"
ethernet1.addressType = "generated"
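
Both the vSRX and the ESXi problems above come down to an ethernetN adapter that is present in the .vmx file but has no virtualDev line. The following is an added example, not part of the original posts: a small Python check that finds such adapters in .vmx text and appends the missing line. The function names and the ethernet0 entries in the sample are made up for illustration; the ethernet3 entries are the ones shown in the vSRX post.

```python
import re

# Matches lines such as: ethernet3.present = "TRUE"
_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)


def parse_nics(vmx_text):
    """Return {adapter: {key: value}} for every ethernetN.* entry."""
    nics = {}
    for line in vmx_text.splitlines():
        m = _LINE.match(line)
        if m:
            name, key, value = m.groups()
            nics.setdefault(name.lower(), {})[key.lower()] = value
    return nics


def missing_virtualdev(vmx_text):
    """List present adapters that have no explicit virtualDev entry."""
    return sorted(
        name for name, keys in parse_nics(vmx_text).items()
        if keys.get("present", "").upper() == "TRUE" and "virtualdev" not in keys
    )


def add_virtualdev(vmx_text, dev_type):
    """Append ethernetN.virtualDev for each adapter that lacks one."""
    extra = [f'{name}.virtualDev = "{dev_type}"'
             for name in missing_virtualdev(vmx_text)]
    if not extra:
        return vmx_text  # nothing to fix, leave the text untouched
    return vmx_text.rstrip("\n") + "\n" + "\n".join(extra) + "\n"


# Constructed sample: ethernet0 is invented, ethernet3 mirrors the post.
SAMPLE_VMX = '''ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet3.pciSlotNumber = "256"
ethernet3.connectionType = "custom"
ethernet3.vnet = "VMnet19"
ethernet3.present = "TRUE"
'''

if __name__ == "__main__":
    print("Adapters without virtualDev:", missing_virtualdev(SAMPLE_VMX))
    print(add_virtualdev(SAMPLE_VMX, "vmxnet3"))
```

Pass "vmxnet3" for vSRX or "e1000" for the nested ESXi case, and only write the result back to the .vmx file while the VM is powered off.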