Fixing (some) access errors in Veeam

I just spent a couple of hours troubleshooting a stupid problem where I got access errors when trying to backup a VM from a newly-installed Veeam server. Searching forums for answers I got red herrings all over the place, from opening up the Windows Firewall for RPC traffic, to removing Veeam VSS files from various folders and shares, to purging keys in the Registry.

It turned out none of that was the cause of the problem, but instead I had re-discovered an issue I’ve seen before: For some reason, Veeam sometimes won’t work properly with UPN logons (username@domain) but instead requires Down-Level logon names (DOMAIN\username). Changing that fixed the problem.

Playing around with benchmarks

So I just rebuilt my little home server RAID from LVM+Ext4 to ZFS, changing the layout from RAID5 to RAID1+0, consisting of a pool of two mirrored disk sets.

Since I’m a cheap bugger frugal, I still run a small HP MicroServer Gen7 (N54L) with only 2 GB of RAM, which I’ve filled up with 4 x 3 TB WD RED drives for storage, and a 60 GB SSD for the system.

As everybody knows, the only difference between screwing around and science is writing it down. I was slightly too eager to get started to remember to benchmark my old file system, so I guess any future changes will have to be compared to the current set-up. Continue reading “Playing around with benchmarks”

Apple Smart Keyboard First Impressions

Having just received my Smart Keyboard for my iPad Pro 9,7″, I thought I’d write a little about it.

The first thing I was slightly apprehensive about was naturally how it would feel to type on it. The Apple tables in stores don’t really lend themselves to actually testing that aspect realistically. It turns out I worried unnecessarily: The cupped shape of the keys, along with the relatively large gap between them makes it very comfortable for me to type on the keyboard. Going from my Retina MacBook Pro or Magic Keyboard to the Smart Keyboard is almost completely seamless for me. It’s comfortable enough on a table, but what’s interesting is that thanks to its strong magnets, it actually works in my lap while half-lying in a couch too. At least as long as the iPad itself keeps its center of balance towards the rear support.

The keyboard itself supports almost all shortcuts and key combinations I’m used to from Apple’s computer keyboards except for those that require the use of the Fn key, which on the Smart Keyboard is replaced by a shortcut to switch between keyboard layouts.

As I am used to writing on a Swedish keyboard but often write technical documents in English, I soon encountered a situation that could have turned the Smart Keyboard into a dud for me:
How does it handle typing in one language while using the keyboard layout of another language? The autocorrect dictionary in iOS is tied to the chosen keyboard layout. Turns out Apple thought of that issue long before I did. When I did, I was very happy to see that under General Settings, there’s a button called Hardware keyboard. Thanks to it, it’s possible to turn off text autocorrection while using a physical keyboard while retaining the function when typing on-screen, where special characters are chosen visually anyway. This is one of those small things that makes me fond of Apple. This need of mine probably represents a pretty small percentage of Apple’s customers, but one of their developers thought of it and implemented a solution that makes switching from tablet mode to “almost laptop” mode completely seamless.

So are there any drawbacks to the Smart Keyboard?
Not a lot of them. One thing I noticed quickly is that the edit field on some forums doesn’t capture the cursor keys: Marking text using various combinations of Shift, Option, Command and the cursor keys is somewhat hit-or-miss across different sites on the web. In WordPress it works perfectly, but on the MacRumors forums touching any of the cursor keys while in the edit field scrolls to the bottom of the page. At this point I have no idea where the problem lies, but it’s a bit frustrating since selecting text is a chore using fingers on a touch screen.

All in all, and in my use case, the Smart Keyboard complements the iPad Pro perfectly, and I can definitely see myself leaving for an extended vacation without bringing my computer along largely thanks to it. Time will tell whether I’ll stay happy with this combination or if I’ll rather invest in an ultralight laptop the next time I have to replace my hardware.

 

 

 

 

Monitoring Keepalived with SNMP on Ubuntu 14.04

Introduction

Using keepalived in combination with a couple of HAProxy instances is a convenient yet powerful way of ensuring high availability of services.

Network map, Normal
Load balancer pair in normal state

Up until now, I’ve considered it enough to monitor the VMs where the services run, and the general availability of a HAProxy listener on the common address. The drawback is that it’s hard to see if the site is served by the intended master or the backup load balancer at a glance. The image to the right shows the intended – and at the end of this article achieved – result, with the color of the lines between nodes giving contextual information about the state of the running services.

Monitoring state changes could naïvely be achieved by continuously tailing the syslog and searching for “entered the MASTER state”. This would be a pretty resource-intensive way of solving the issue, though. A less amateurish way to go about it would to use keepalived’s built-in capability of running scripts on state changes, but there are a number of situations in which you can’t be sure that the scripts are able to run, so that’s not really what we want to do either.

Fortunately, keepalived supports SNMP, courtesy of the original author of the SNMP patch for keepalived, Vincent Bernat. In addition to tracking state changes, it potentially allows us to pull out all kinds of interesting statistics from keepalived, as long as we have a third machine from which to monitor things. Let’s set it up. Continue reading “Monitoring Keepalived with SNMP on Ubuntu 14.04”

Setting up my gaming computer in Ubuntu 16.04

This is really a how-to for my personal hardware setup in case I want to try other distributions or operating systems on my gaming computer down the line. However it may be helpful to anyone who would like to play games or run flight sims in a Linux environment. What? Stranger things have happened!

Continue reading “Setting up my gaming computer in Ubuntu 16.04”

SSL load balancing with HAProxy in VMWare

So this is a new project I’ve recently finished.

Objective
Create a secure high availability (HA) load balancing service spreading user load across two pairs of two servers, providing two different sets of services:

One service requires SSL passthrough, while the other is a websockets connection over SSL, where the use of a proxy demands SSL termination. Securing communications with the web backend for the latter is done by routing the traffic via an OpenVPN tunnel.

The software I’ve chosen for this, is HAProxy 1.5 on FreeBSD 10.1-Release, running in a VSphere 5.5 environment.

Continue reading “SSL load balancing with HAProxy in VMWare”

OpenVPN 2.x and Windows Firewall

The documentation for OpenVPN is pretty good, but I found a detail that may cause some confusion in a Windows environment, so I thought I’d address it here:

What do you do if you need to run OpenVPN but still want the Windows Firewall to work on your Windows server?

The background for this issue is how Windows decides what profile to use for a specific network: It reads the gateway address. The TAP interface for OpenVPN doesn’t automatically receive a gateway, so the network profile for it will be “Unknown network”, and so it won’t allow the necessary traffic for the OpenVPN connection to be properly established.

So what do you do?

First, open up a port in your firewall to allow for the initial handshake to be made between the client and the server. By default, this is UDP port 1194. Then we need to take a step back. We don’t want to open an uncontrolled pipe from the VPN client to the server, which is exactly what happens if you turn off the firewall for the VPN TAP device.

Instead, we’ll do two things:

1) Give the OpenVPN TAP device a gateway. In the server configuration for OpenVPN, you assign a subnet to be used by OpenVPN. The server will be [subnet].1. The gateway will be [subnet].2.

2) Some people claim that the above doesn’t always work unless you set the status of the TAP device to “always connected”, so let’s do that.

The result?

You now have control over data in the VPN tunnel too, using Windows firewall, meaning that you can stop unwanted traffic within the tunnel easily.