Friday, April 27, 2012

ESXi Admin Authentication Against AD

I have a virtual host that I set up for our Developers to use for testing. I wanted to connect it to the AD domain for authentication. The setup is very easy and straightforward (this is one of those rare times), but there is a specific order in which you need to perform the steps that a few tutorials I read didn't specify.

Everyone leads off with adding the machine to the domain. You first need to go into the Configuration tab of your ESXi host and click Authentication Services. The rest of that step is pretty self-explanatory: select Active Directory as the service type and enter your domain name. You'll be prompted for the credentials of a user with the rights to add machines to the domain. What they forget to mention is that apparently ESXi uses a default admin group called ESX Admins, which you have to create in AD before you add the host to the domain. If you join the machine to the domain first and then create the security group second, the group doesn't show up in the Permissions tab.

Just a quick little note on a small omission that caused me some grief as I tried to set this up.
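The ordering described in this post, as an added PowerShell example (not part of the original post): it makes sure the ESX Admins group exists in AD and only then joins the host. It assumes the ActiveDirectory RSAT module and VMware PowerCLI are installed; the host name, domain and OU are placeholders.

```powershell
# Added example: create the "ESX Admins" group first, then join the host.
# Assumes the ActiveDirectory RSAT module and VMware PowerCLI are available.
# Host name, domain and OU are placeholders, not values from the post.
Import-Module ActiveDirectory
Import-Module VMware.VimAutomation.Core

$EsxHost   = 'esxi-dev01.example.local'        # placeholder
$Domain    = 'example.local'                   # placeholder
$GroupOU   = 'OU=Groups,DC=example,DC=local'   # placeholder
$GroupName = 'ESX Admins'                      # default admin group named in the post

# Step 1: the group must exist in AD before the host is joined.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupOU -PassThru
    Write-Host "Created '$GroupName' in $GroupOU"
}

# Show who will receive admin rights on the host once it is joined.
Get-ADGroupMember -Identity $group |
    Select-Object Name, SamAccountName, objectClass |
    Format-Table -AutoSize

# Step 2: join the host to the domain (skipped if it is already a member).
$hostCred = Get-Credential -Message 'ESXi host administrator'
$joinCred = Get-Credential -Message 'AD account allowed to join machines'
Connect-VIServer -Server $EsxHost -Credential $hostCred | Out-Null
try {
    $auth = Get-VMHost | Get-VMHostAuthentication
    if ($auth.Domain) {
        Write-Host "$EsxHost is already joined to $($auth.Domain)"
    } else {
        $auth | Set-VMHostAuthentication -JoinDomain -Domain $Domain `
            -Credential $joinCred -Confirm:$false
    }
} finally {
    Disconnect-VIServer -Server $EsxHost -Confirm:$false
}
```

Because ESXi treats this group as its default admin group, keep its membership small and review it like any other privileged group.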

Wednesday, April 25, 2012

Apache Performance Issues

So, I'm sitting at my desk, minding my business and working on a risk assessment report (by the way, the Commonwealth of Virginia has a goldmine of information and resources on risk management that you should pilfer if you find yourself in need of doing this) when one of our client managers comes over and tells me that his client is reporting slowness using our application. The report is vague (of course), and the manager hasn't tried to access the application himself, so I try to pull some more information out: what client, what's slow, that kind of thing. I pull up the client's page and notice that it is taking a bit longer than it should to load. I ssh into the server and check out some quick metrics: free -m, top, iostat and everything looks fine. Server doesn't seem to be under load.

As I'm doing this a few more managers come over to report the same thing. Multiple clients have been contacting them to say that their setup is sluggish. So, we can safely rule out a network issue on the client side since these people are scattered all over the country. My heart drops as I realize we may be facing a larger issue. I check out Nagios, and all is green. I start to log into each of the servers that play a part in delivering content and make sure that all is well with the basic server resources. No one is eating up CPU time, no one is running low on memory, no one shows any kind of disk degradation. MRTG shows pretty low bandwidth utilization overall. So, we've ruled out bandwidth and server resources. I have one of the developers check out MySQL and make sure no one's running some sort of super-large query or that the replication setup hasn't started affecting performance in some way. Everything's good.

I get reports that performance is getting back to normal for people, and indeed one of the sites I was testing earlier loads faster. Everything seemed back to normal. But, what are the first two things out of a manager's mouth after something goes wrong/breaks down? "Is it fixed?" and "What happened?" Due to that and my own curiosity, I kept looking into it. It seemed to me that everything had been ruled out except for one common aspect, that being the Apache server. The details of our application are that some services go through Tomcat, some go to the databases directly, but everything goes through Apache, so given the scope of the problems, Apache was really the only other common denominator outside of the network, which had been cleared of wrongdoing.

Wednesday, April 11, 2012

OpenLDAP Installation and Setup

  1. Never trust the IT person who waves their hand dismissively and tells you that installing/configuring anything is "easy"
  2. Even if you're a stone-cold Windows admin, there is a lot to be gained from learning to install/configure something in Linux (shell, not GUI)

I'll discuss both bullets in relation to OpenLDAP, with the understanding that this applies to just about all software/applications and protocols. I'm talking DNS, FTP, Joomla, whatever.

Tuesday, April 3, 2012

Form, Function, Design

I'm not a web designer. I don't know much beyond basic HTML/CSS, and certainly design, which many people forget is a separate concept, is not my forte, but I can tell when a site's functionality has not been thoroughly considered. And you know what? It drives me bonkers. Your site can be the prettiest, flashiest thing around, but if you don't deliver a user interface and experience that makes sense...well, fix it.

I would normally not call out a website that I believe falls into this category (because again, who am I?) but I have just had the most aggravating experience on and I have to, just HAVE TO, vent about it. 

We were looking for a place to crash in NY this weekend. We're going up to visit some friends and have a place to stay every night except Sunday. My wife found this site,, and asked me to take a look at a few listings and take over actually booking us somewhere. No problem, dear. So at o-dark hundred I follow up on this task (I had to get in the required Skyrim time after all). Maybe it was the late hour that made this so frustrating, but here's what happened: