Gravity Rush 2 promo video for Hong Kong/Japan

Robert Heinlein?

Well probably not. While looking online for something I eventually fell through to youtube, and got this commercial for some new PS4 game. I thought it was kind of interesting. I guess there is something to be said of Asia for cats, tall buildings, and breaking the laws of physics, and bending gravity and all that.

While I do have a PS4 I really haven’t had time to really use it. And the Xbox ONE I do have ends up getting used to play… You Tube videos.

Firefly-Host-6.0-CloudSDK fun in “modern” times

Getting started

Ugh. nothing like ancient crypto, major security vulnerabilities, and ancient crap.  So first I’m going to use Juniper’s SDK (get it while you can, if you care).  Note that the product is long since EOL’d, and all support is GONE.  I’m using Debian 7 to perform this query, although I probably should be using something like 4 or 5.  Anyways first off is that the python examples require “Ft.Xml.Domlette” which doesn’t seem to have a 4Suite-XML package.  SO let’s build it the old fashioned way:

 apt-get install build-essential python-dev
wget http://pypi.python.org/packages/source/4/4Suite-XML/4Suite-XML-1.0.2.tar.bz2
tar -xvvf 4Suite-XML-1.0.2.tar.bz2
cd 4Suite-XML-1.0.2
./setup.py install

Well (for now) and in my case I could reconfigure tomcat to be slightly more secure. Otherwise running the examples gives this fun filled error:

ssl.SSLError: [Errno 1] _ssl.c:504: error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small

Naturally as time goes on this will not work anymore, and I’ll need a stale machine to query this stale service. Using ssl shopper’s Tomcat guide, I made changes to the server.xml file on the vGW SD VM. (Don’t forget to enable SSH in the settings WebUI, and then login as admin/<whatever password you gave> then do a ‘sudo bash’ to run as root, screw being nice!


# diff -ruN server.xml-old server.xml
--- server.xml-old 2017-01-14 18:20:07.000000000 +0800
+++ server.xml 2017-01-14 19:31:36.000000000 +0800
@@ -98,7 +98,7 @@
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
- ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+ ciphers="TLS_RSA_WITH_AES_128_CBC_SHA, ECDH-RSA-AES128-SHA"
keystoreFile="/var/lib/altor/cert/public_keystore" keystorePass="altoraltor"/&gt;

Naturally don’t forget to restart Tomcat, which does take forever:

bash-3.2# /etc/init.d/tomcat restart
Stopping tomcat: [ OK ]
Starting tomcat: [ OK ]

And now I’m FINALLY able to run  one of the sample scripts

# ./policyToXML.py –grp 1
<?xml version=”1.0″ encoding=”UTF-8″?>
<policy xmlns=”urn:altor:center:policy”>
<revision>340</revision>
<name>Global Policy</name>
<id>1</id>
<rev>1</rev>
<type>G</type>
<groupId>-1</groupId>
<machineId>-1</machineId>
<Inbound>

And you get the idea.  Certainly on the one hand it’s nice to get some data out of the vGW without using screen captures or anything else equally useless, and it sure beats trying to read stuff like this:

vGW VM effective policy for a VM

What on earth was Altor/Juniper thinking?  Who thought making the screen damned near impossible to read was a “good thing”™

I just wish I’d known about the SDK download on the now defunct firefly page a few years ago as it’d have saved me a LOT of pain, but as they say, not time like the present.

Naturally someone here is going to say, upgrade to the last version it’ll fix these errors, and sure it may, but are you going to bet a production environment that is already running obsolete software on changing versions?  Or migrate to a new platform? Sure, the first step I’d want of course is a machine formatted rule export of the existing rules.  And here we are.

Need Windows XP with IE 6?

Of course you do!

For a while Microsoft was offering VM’s configured for various platforms for download, but they have cut out both XP and IE7.  However the links have been collected, and can be downloaded here:

https://gist.github.com/zmwangx/e728c56f428bc703c6f6

The VMWare VM’s run fine on Windows even though they are named for OSX, although I did have to add in a NIC to the VMX.  It’s a great way to use a quick & disposable Windows XP/Vista/7/8/8.1/10 machines.  Although there isn’t a IE 7 for Windows XP, it’s trivial to upgrade XP / IE 6 to IE 7.

 

Nested VMWare ESXi

Virtual datacenter

My physical ESXi box, a lowly AMD FX 8320

One of the more cooler features of VMWare 5 is that it is capable of running itself.  While it

may seem silly at first, this is a great way to build a virtual environment where you can test scripts for provisioning (and destroying) stuff, along with testing API level calls without having to worry about screwing up production, begging for a ‘lab’ environment, or even better snapshotting the whole thing so you can revert whatever it is you are doing at a block level.  In short virtual datacenters really rock, especially for people like me who like to play in a really destructive manner.

So the first thing is that for this test I’m going to use a ‘freebie’ ESXi that I’ve been using for quite some time.  Naturally this should work for version 6, but since the stuff that I’m testing is all in 5.0 and 5.5 (the majority being 5.5) I wan to build a 5.5 environment.  In my insane scenario I have deployment access to a 2003 R2 x64 server with .net 2.0, and the majority of the environment I care about is VMWare ESX 5.5 along with vCenter. 5.5 on Windows 2008 servers.  So trying to mirror this a bit, that means that I’m going to skip the new fangled appliance, I don’t know if it really matters for what I want, but for the sake of trying to keep things the same I’m going to match what I can.

Creating the VMWare ESXi VM

I setup a generic ‘Other 2.6.x Linux (64-bit)’ VM, with a single socket, dual core processor, 4GB of RAM, a LSI SAS controller, with a 32GB disk, and 3 NIC’s with the VMXNET3 driver.  For some reason I had to change the CPU to explicitly allow for hardware MMU emulation.

Hardware MMU emulation

It’s also worth mentioning that when you are going to run ESXi on ESXi that any physical adapters that you want your virtual ESXi host to be able to lauch VMs and have them communicate onto you will need to enable the ‘Forged Transmits’ setting in the vSwitch properties.

vSwitch properties

With that in place, I was able to use my ESXi 5.5 ISO, and install into the VM.  There isn’t much to really say the installer will install ESXi, and reboot and you get the console.

ESXi running on ESXi

I went ahead and gave this ESXi server a static address, and that was pretty much it for the server.

Installing vCenter

I went ahead and used an eval copy of 2008 R2 that is available at Microsoft here.  The installation is really simple, not much to say but for my needs I gave the VM a static address, HOWEVER I did NOT install Active Directory as you cannot install vCenter onto a DC, and I really was not in the mood to have a DC along with a vCenter 2008 VMs as I’m only interested in doing API testing I don’t care about authentication plugins I’m only concerned with other aspects.  Obviously if you do care, then you’ll want to install 2 2008 servers.  I gave my 2008 server a static address of 192.168.1.12 so that I could easily find it on the network post-install.

Since I have no imagination, I renamed the server “vcenter” which of course will factor into the login credentials later on.

My ‘client’ gave me the ISO for vCenter “VMware-VIMSetup-all-5.5.0-3254792-20151201-update03.iso” which of course needs to be installed onto the 2008 server.

install vSphere vCenter

I did the easy install, as again I’m not building a real enterprise.  However I should point out that the easy install has a habit of popping alerts and prompts UNDER the current window so you could be waiting for quite a long long time for this to install when it really shouldn’t take all that long.  I also kept the option for the 2008 Express edition as I’m not going to try to stress the count of VMs 50 is far more than I require as again I’m only interested in limited stuff at this point.

vCenter ‘simple install’ ports

Again I just selected the defaults for the install as I’m not all that worried.  Phew with all of that done, it’s now ready to use!

Logging in

Now I went ahead and hit the following site:

https://192.168.1.12:9443/vsphere-client/#

I went ahead and installed the pluggin for a more ‘full’ experience with the web client.  The link is on the bottom of the page.

download this!

With all of that in place, I finally could use the web/flash site to login, using the local administrator account.  However upon logging in the domain was barren, no vcenters no data centers, nothing.

Empty data-center!

Obviously I must have screwed something up!  Even worse using the ‘fat’ C#/J# client (that I still love…) I would simply get this fun error:

You do not have permission to login to the server!

What? I don’t have permission?

A little digging around, and I found out of course, that it is because I don’t have an Active Directory, and that for ‘workgroup’ installs like this, you need to simply login as administrator@machine.local or ‘administrator@vsphere.local’ in my case, using the password that had to be set during the SSO installation.

Login

And now I was prompted to create my data-center, and add in the ESXi server into the virtual data-center.

vCenter is now operational

So now I have a virtual vCenter, along with an ESXi host to deploy stuff onto, and destroy all I want.  Even better VMWare Player & VMWare Fusion can also run ESXi nested, so you can take your virtual data-center with you on a laptop!  You can boot 2008 with vCenter in 2GB of RAM, although it really should have 4GB if not more, and with 4GB for an ESXi server that would be 8GB+ on any laptop or desktop.  However I’m lucky my ESXi server has 32GB of RAM, and my laptop has 16.  So it’s also a great excuse to upgrade!

Shout out to Json.NET

Nothing to do with virtual or legacy, well maybe it is.  I’m targeting .net 2.0 with the new and exciting world of JSON objects.

http://www.newtonsoft.com/json

So this library makes it super easy to pass it a long JSON string, and return a .net DataSet.

At the least it makes it easy to dump data out from one of those ‘hip new trendy’ web services, and stuff it into SQL so us old people can look at it.