Move linux XenServer guest virtual machines to VMWare

I was working on a project to move a bunch of virtual machines from a XenServer 6.5 cluster to VMWare ESXi with vSphere 6.5.  The windows guest all moved over without issue using VMWare's vCenter Converter.  The linux guests all gave me issues though. I could move them over but but thy would not boot up afterwords.  I'd simply get a black screen with a blinking cursor in the upper left.  I spent hours troubleshooting.  Many false starts later I finally stumbled across this script that solved my problems.

Please download/copy the xen-vmware-prep.sh script from https://gist.github.com/kamermans/184192af5a16124ec623

1.  Snapshot the source VM in XenServer console.  The script makes changes to the system that will name it unbootable in Xen.
2. Copy the xen-vmware-prep.sh script to the source server and run as root.
    
   
3. Use VMWare vCenter Converter to live copy the source vm over to the VMWare infrastructure.
    
   
4. Shutdown the source system and boot up the copy on vmware.
 

NOTE: I did not write this script and do take any credit for the it.  It saved my bacon and is thus worth promoting.    

Kwikee Lectro-Matic RV Step Repair

I recently purchased a 80's motor home that has a Kwikee Lectro-Matic automatic step.  The step did

work, unfortunately not very well.  It moved about about a quarter way through it's full motion, but would not extend or retract completely.   Being the cheap SOB that I am I'd rather spend 20 hours fixing somethings than several hundred dollars replacing it.

Almost all of the information and/or troubleshooting guides I've found online covers the newer Kwikee steps produced from roughly 2000 on.  The information in this post covers much older units.

Description

 The unit I'm working on is was factory installed in a 1983 Holiday Rambler motor home.  The system is comprised of the step, motor assembly, control unit, switches, and wiring.

I found a label on the right outside edge of the base plate mounted to floor of the motor home. Because it was right next to the wheel well it was not easy to get to.  I ended up using my phone to take a picture just to read it.  It's a model number on the sticker is 2834 which indicates that this is a 34 series step.

Most of the wiring runs through the walls/flooring of the coach. There is a rocker switch next to the door for on/off control and a push button switch in the door jamb that signals the controller that the door is closed.  In my case at least,  all the wiring that wasn't buried is in very good shape.

The control unit is mounted in the bottom of a cabinet inside the motor home near the door.  It has a nice wiring diagram on the front.  The part number for the control unit is 6020-050.

Controller Unit

Inspection

The first step is to inspect the step for physical damage.  Make sure none of the linkage bars are bent or broken and make sure the base plate is securely attached to the underside of the RV.  Disconnect the pin connecting the motor to the steps and manually move the step through their full motion. Make sure there is no binding.

Remove the motor assembly open and open up the gear case.  Inspect the gear for missing or broken teeth.  This seems to be a common problem.  If the teeth on the gear are broken you may be able to turn it 180 degrees so the broken teeth are not used.

Motor Assembly Diagram

Lubrication 

Almost every guide I've read on the steps recommends lubricating the joints, and everyone has a different opinion on what to use.   Kwikee sells their own branded lube, but you pay a huge premium for a of bottle of spray grease that I'm sure is nothing special (I mentioned I'm a cheap SOB).  I've read recommendations for motorcycle chain lube, dry lube for RV slide outs, silicone spray,  and garage door lube. I ended up using a spray white lithium grease.  Don't use WD-40 or penetrating oil.  They will just dry up.   In my case lubrication did not help much.  

Motor replacement

After quite a bit of research I discovered that he drive motor for these units is actually a power window motor from late seventies GM vehicles. You can get a remanufactured (supposedly remanufactured at least, see the notes at the end) replacement at Autozone or Oreilly using Cardone part number 42-16.  Napa sells the same motor using part number RAY 4916.  If those don't work tell the parts person you need the power window motor for a 1976 Cadillac Deville.

The replacement units do not include the gear assembly shown in the picture.  (Note: The gear assembly simply pulls straight up to remove.  It seals in quite well and can be difficult to get out.)

The gear housing attached to the motor was modified by Kwikee. See the comparison picture bellow. The part number cast inside is the same on both units.  They removed two of the mounting pillars and ground them flat.  The right mounting hole was drilled through, the bottom mounting hole was tapped, and a hole was drilled in the indentation at the top of the housing.

Kwikee modified on left. Stock on right.

Rather than trying to modify the gear housing on the replacement motor I decided that swap the housing from my old motor to the replacement motor.  Remove the three long screws at the back of the motor and the housing slides right off.  I ended up getting a replacement motor off of a 1979 Buick LeSabre from the junkyard.  The gear housing from this car is slightly different but since I was swapping the housing all I needed was the motor which was identical.

While you in there make sure to  grease everything well.  I didn't get a picture, but the 30 year old grease was completely dried out and more sludge than lubricant.s

Control Module

Replacing the motor on my unit made a big difference, however the step still would not retract completely.  So, I started looking at the control module.  Opening it up I found the typical relays you would expect.  The contacts on one of the relays had quite a bit of carbon buildup from years of use.  I cleaned up the contacts with some sandpaper and reinstalled it.  Success! Now, the step finally moved all the way through it's motion.

"Remanufactured" Window Motors

If you get a remanufactured window motor pay very close attention to what you are getting. Supposedly these parts are completely rebuilt with refreshed magnets, and the internals are replaced. I went to my local auto parts store and picked a part manufactured by Cardone.  Since I was swapping the head unit I had to open it up only to find the inside was completely rusted and it still had burnt wires! It looked like their rebuild process was to slap a coat of spray paint on the outside. Caveat emptor!

Resources

Kwikee Service Manual - The manual covers a a large range of Kwikee steps.  Most of the information is on the newer style motor and controller, but it does include basic specs on the older models.

Kwikee Steps model 2500-8300 manual - A collection of pictures of the original install / troubleshooting manual.  The quality is not the best, but there is a lot of good information

GM Power Window Motor Lifts - Nice forum posting with historical and part number information on GM power window motors.

Installing Singer Sew-Ware Conversion Tool under Windows 7

With the impending demise of security patches for Windows XP I decided that I needed to try and get the Sew-Ware conversion application running on a newer OS.  My mother uses this application extensively to transfer embroidery files to her Singer Quantum XL-6000 Embroidery machines.  She has been stuck back on XP for years because everyone said that running running this software under a newer OS was "impossible".  For an "impossible" task the solution ended up being a whole lot easier than I expected.

Get a computer with a newer OS.  I used a fresh install/patched version of Windows 7 on a spare laptop I had.  I'm fairly confident that this would work with Windows 8.x as well but have not tested yet.

UPDATE: I installed Windows 8.1 on a test system and confirmed the exact same procedure works under for it as well.

Install the Sew-Ware Conversion Tool application.  Just a standard install for the most part.  However the install did hang at 100% when running on Windows 7 and I had to manually "End Task" to kill it.  I assume there is a minor incompatibility with the install app.  It does install all the files, it just does not create the start menu icons.

Create a new shortcut on the desktop. With the installed done (and killed if necessary), open Windows explorer and browse to the C:\Sew-ware_CT folder (this is the default install location,  if you installed to a different folder open it).  Scroll down and find the CTSew_warre application file, right click it and select "Create Shortcut".

Then drag and drop the shortcut on to the desktop.

Note: At this point if you open the Sew-Ware application by double clicking the icon on the desktop you'll see the "Error in cportio.sys driver" message.

Set Compatibility options.  Right click the desktop shortcut and select Properties and then the Compatibility tab.  Check the "Run in program compatibility mode for:" box,  select "Windows 98 / Windows ME" in the drop down and click OK.  This is the secret sauce that makes it all work.

When you launch the Sew-Ware application you will be shown the UAC warning.  Click Yes to proceed.

Open a file and select "Transmit to machine".  You'll need to select the correct com port and speed for the connection. Click "Wait to Send", start the transfer from the embroidery machine and let 'er rip!

Note: When I first started testing this I was using an older Belkin USB to serial adapter.  The adapter worked fine for transferring form an XP system, but under Win 7 it would hang half way through.  I could see it sending and receiving from the PC and the machine, so I knew it was at least communicating.  I tried a couple of no name brand USB to serial adapters and they worked fine.   So, be warned, if you're using a USB to serial adapter there could be compatibility issues between it and Windows 7 as well.

Virtualization Performance with Ubuntu and VMWare or Virtualbox

I've been using Linux as my primary OS for a couple of years not.  However, as a network guy I still need a windows box around for various tasks.  Mostly because the company I work for uses GoToMeeting online data conferencing and they lack Linux support.

I've found using a Virtual install of Windows to work  best for my needs.  A couple of months ago I built a new Windows 7 virtual install but it suddenly slowed to a crawl!  When I first built the box it would boot up to the login prompt in about 30 seconds.  More recently it was was taking more like 5 minutes to boot up.  And when it was my entire host Linux box was slowed down as well.  I noticed that disk utilization was through the roof when this was happening.

Further inspection showed that the host was swapping to the disk like crazy while the VM Windows install was booting up.  The swapping combined with the disk access of the VM overloaded the physical disk system and brought everything down with it.   I've got 4 GB of ram on the system, so I should be able to run the VM with a couple of gigs so RAM and still have enough left over for the host.

The solution to the issue was to decrease the swappiness of the host system.

sudo sysctl vm.swappiness=10
The swappiness setting effects the algorithm that controls when memory is swapped to disk.  The default value on Ubuntu systems is set to 60.  I lowered it down to 10 and have seen a HUGE performance improvement when running the VM!  I've since verified that that work with VMWare or Virtualbox.

Please the SwapFAQ article for more information.

Running junipernc on 64 bit Ubuntu 11.10

So I just got a new laptop and set it up with 64 bit Ubuntu 11.10 (It has 4GB of memory).  I figured I'd just use the procedure I documented here to run the Juniper vpn client.  Unfortunately this did not work.  The gui dialog never opened and it never connected.  The junipernc script writes log files to the /tmp directory and I found the following error: \


Exception in thread "main" java.lang.UnsatisfiedLinkError: /home/ericw/.juniper_networks/jdk1.6.0_30/jre/lib/i386/xawt/libmawt.so: libXtst.so.6: wrong ELF class: ELFCLASS64
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1807)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1703)
at java.lang.Runtime.load0(Runtime.java:770)
at java.lang.System.load(System.java:1003)
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1807)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1724)
at java.lang.Runtime.loadLibrary0(Runtime.java:823)
at java.lang.System.loadLibrary(System.java:1028)
at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:50)
at java.security.AccessController.doPrivileged(Native Method)
at sun.awt.NativeLibLoader.loadLibraries(NativeLibLoader.java:38)
at sun.awt.DebugHelper.<clinit>(DebugHelper.java:29)
at java.awt.Component.<clinit>(Component.java:566)
Could not find the main class: NC. Program will exit.

I'm no expert, but it looks like the 32bit version of Java is trying to use a 64 bit library (libXtst.so.6).  My solution at this point is to run the junipernc script with the -nojava option.  This avoids the java issue altogether, but without the gui I don't know when it's connected or not.  This is not an ideal situation, but at least I can get access to my company network.

UPDATE
In the comments quickfix recommends installing ia32-libs:
sudo apt-get install ia32-libs

How SOPA Benefits Cyber Criminals

The Online Piracy Act (SOPA), also known as H.R. 3261, is a bill working it's way though the House that promises to end piracy over the Internet.  The crux of internet piracy is offshore web sites that the government can't control.  Shutting down the web sites is almost impossible, so the bill provides a mechanism to disrupt how the sites are accessed using the Domain Naming System (DNS).

For those non technically inclined, DNS is the protocol use by web browsers to find the IP address of a web server.  It's very similar to a phone book (you remember those).  Back in the dark ages when you wanted to find how what time Bob's Auto Shop closed you pulled out the yellow pages, found the Automotive Services category and then found Bob's Auto Service.  This provided you with Bob's phone number which you then dialed into your phone to call Bob.  In the enlightened age of the Internet you go to your browser and type in www.BobsAutoService.com. Your browser then contacts the DNS server supplied by your Internet Service Provider (ISP) and asks whats the IP address for www.BobsAutoService.com.  When the browser gets the reply from the DNS server it contacts the web site using the IP address and downloads the page that you want.

One of the provisions of the SOPA bill would allow the Department of Justice or any rights holders to establish blocks on DNS requests for domains that they believe are hosting copyright infringing content.  So, when your thirteen years old daughter trys to go download the newest Justin Bieber song from SvensMusicDownloads.com the browser contacts the ISP's DNS server to get the IP address.  However, since SvesMusicDownload.com is now on a block list the ISP's DNS server simply responds that it can not find it. 

To return to our phone number analogy all this does is make the IP address unlisted in your local phone book.  All anyone needs to do is find a phone book that still has the number listed.

So, your thirteen year old daughter really want's that Justin Bieber song.  Her friend Susie's older brother gave her a tip that if she sets the computer to use 10.154.165.37 as the DNS server she can download her music.  He herd about it from his buddy Steve who has an internship with IBM, so Steve knows what he's doing on the Internet.  Plus, Susie's brother has been using this server for weeks and he can still get to Facebook AND download all the music he wants so it MUST be all right.  She makes the change and wow, she can download her music again.  All is right with the world.

Unfortunately your thirteen year old daughter, her friend Suzie's brother and even Steve the college intern did not know that the 10.154.165.37 server is actually run by a Vladimir's Cyber Crime Gang.  Vladimir setup the server to return legitimate IP addresses for every web site on the Internet.  Except for for a couple of large banks!

A couple of days later you sit down at the computer to pay your bills.  You open your web browser to www.BankOfAmerica.com and see the same login page that you always use.  However, on the back end your browser requested the IP address for www.BankOfAmerica.com form Vladimir's DNS server.  Instead of providing the real IP address for your banking site it provided the ip address for Vladimir's web server.  Your browser actually connects to Vladimir's web server but you can't tell the difference. Even the SSL security icon in the browser bar is green like it should be; the SSL security features in your browser also rely on DNS. You enter your password into the page get all those pesky bills paid and never notice anything is wrong.  Vladimir's web server was acting as a middle man between you and the bank web server.  Vladimir now has your password.  A week later you log back in and see that your savings account has 27 cents left in it.  Thirty thousand dollars has been transferred to a bank in the Caymans.

DNS is a VERY important part of the Internet.  It is at the foundation of how the Internet works.  This is just one example of how mucking with it can and will break the Internet!   Please cal your Congressmen, write your Congressmen, do what ever you need to do to get this bill stopped!

Using junipernc script under Ubuntu 11.10.

Getting the the Juniper Network connect client to work under Ubuntu can be a bit of a challenge. I learned quite a while ago that it requires the Sun / Oracle versions of Java, openJDK will not work. If you try using the openJDK Java you will quickly see the “Session Timeout” error when connecting.

With previous versions of Ubuntu I simply installed the sun jvm from the repositories and reconfigured the system to use it rather then openjdk. However, Oracle has decided to change the licencing requirements and newer versions of Java are no longer available in the repositoy. Now I could manually download and install the Oracle Java for the entire system to use, but then I’d have to manually keep it updated. I much prefer letting the package manger handle updates (so they actually get done).

My solution this problem is to setup a dedicated Oracle Java install that is only used by Network Connect. As an added benefit it uses the junipernc script, which in my opinion is much easier to use.


Here is what you need to do:

1. Download and save the junipernc script.
2. I like to put it in ~/bin. Don't forget to make it executable.
   mv ~/Downloads/junipernc ~/bin
   chmod +x ~/bin/junipernc
3. Browse to your company vpn site and log in. (no need to install the correct java first) Click “allow” any any warnings and ctrl-c when it asks for the root password. This will download the files into the ~/.juniper_networks folder.
4. Download the Oracle jdk .bin installer. Make it executable and execute to extract the files. Move the jdk directory to the .juniperNetwork
   chmod +x ~/Downloads/jdk-6u29-linux-i586.bin
   ~/Downloads/jdk-6u29-linux-i586.bin
   mv jdk1.6.0_29/ ~/.juniper_networks/
5. Temporally update the PATH and run .junipernc for the first time.
   export PATH=~/.juniper_networks/jdk1.6.0_29/bin/:$PATH
   ~/bin/junipernc
6. You should get a notice that initial setup requires administrative privileges. Enter your password several times Enter your server name, user name and realm. ( check out Issue #2 on this blog entry to determine your realm) Enter your password or securid/pin.

Why this works
In step 4 we temporally added the path to the downloaded Oracle Java install BEFORE the existing path. The junipernc script finds the Oracle Java version first and uses it (because it’s first in the path). This allows us to connect and all is good with the world. The junipernc script also writes the path to java in the ~/.vpn.default.cfg file. On subsequent execution of junipernc it uses the path in the cfg file.

Note:  None of this would be possible without the junipernc script developed by Paul D. Smith. Please check out his site (http://mad-scientist.us/juniper.html) for more information.